Windows Analysis Report DHL_AWB_DOCUMENT_pdf.exe

Overview

General Information

Sample Name: DHL_AWB_DOCUMENT_pdf.exe
Analysis ID: 500841
MD5: 27e7a44ab2f5d2c40c374d5893257ac5
SHA1: b0c7952addaa502e6c1dbea7474e534f2264742f
SHA256: fa38ec9464602a1727813004fc616d9d0359c37da01b7d07c3e38784c0b2a46d
Tags: DHL, exe, HawkEye

Detection

HawkEye MailPassView
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected MailPassView
Yara detected HawkEye Keylogger
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Detected HawkEye Rat
Sample uses process hollowing technique
Initial sample is a PE file and has a suspicious name
Writes to foreign memory regions
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to steal Mail credentials (via file registry)
Allocates memory in foreign processes
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Yara detected WebBrowserPassView password recovery tool
Tries to steal Mail credentials (via file access)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Uses schtasks.exe or at.exe to add and modify task schedules
Tries to steal Instant Messenger accounts or passwords
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Yara detected Credential Stealer
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Enables debug privileges
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Process Tree

  • System is w10x64
  • DHL_AWB_DOCUMENT_pdf.exe (PID: 6808 cmdline: 'C:\Users\user\Desktop\DHL_AWB_DOCUMENT_pdf.exe' MD5: 27E7A44AB2F5D2C40C374D5893257AC5)
    • schtasks.exe (PID: 5140 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\RQXCXKwIG' /XML 'C:\Users\user\AppData\Local\Temp\tmpCC16.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 5268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • DHL_AWB_DOCUMENT_pdf.exe (PID: 5584 cmdline: C:\Users\user\Desktop\DHL_AWB_DOCUMENT_pdf.exe MD5: 27E7A44AB2F5D2C40C374D5893257AC5)
      • vbc.exe (PID: 5484 cmdline: 'C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext 'C:\Users\user\AppData\Local\Temp\tmp9660.tmp' MD5: C63ED21D5706A527419C9FBD730FFB2E)
      • vbc.exe (PID: 1256 cmdline: 'C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext 'C:\Users\user\AppData\Local\Temp\tmp93FB.tmp' MD5: C63ED21D5706A527419C9FBD730FFB2E)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000008.00000003.407277788.0000000004AB5000.00000004.00000001.sdmp | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security |
00000008.00000003.407277788.0000000004AB5000.00000004.00000001.sdmp | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security |
00000008.00000002.617994550.000000000335E000.00000004.00000001.sdmp | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security |
00000000.00000002.411663887.0000000003DF4000.00000004.00000001.sdmp | MAL_HawkEye_Keylogger_Gen_Dec18 | Detects HawkEye Keylogger Reborn | Florian Roth |
  • 0x87ede:$s1: HawkEye Keylogger
  • 0x87f47:$s1: HawkEye Keylogger
  • 0x81321:$s2: _ScreenshotLogger
  • 0x812ee:$s3: _PasswordStealer
00000000.00000002.411663887.0000000003DF4000.00000004.00000001.sdmp | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
23.2.vbc.exe.400000.0.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth |
  • 0x147b0:$a1: logins.json
  • 0x14710:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
  • 0x14f34:$s4: \mozsqlite3.dll
  • 0x137a4:$s5: SMTP Password
23.2.vbc.exe.400000.0.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security |
8.3.DHL_AWB_DOCUMENT_pdf.exe.4ab5890.2.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth |
  • 0x696fa:$a1: logins.json
  • 0x6965a:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
  • 0x69e7e:$s4: \mozsqlite3.dll
  • 0x686ee:$s5: SMTP Password
8.3.DHL_AWB_DOCUMENT_pdf.exe.4ab5890.2.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security |
8.3.DHL_AWB_DOCUMENT_pdf.exe.4ab5890.2.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security |

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Source: 8.2.DHL_AWB_DOCUMENT_pdf.exe.400000.0.unpack | Avira: Label: TR/Dropper.Gen
Source: DHL_AWB_DOCUMENT_pdf.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: DHL_AWB_DOCUMENT_pdf.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: c:\Projects\VS2005\WebBrowserPassView\Command-Line\WebBrowserPassView.pdb source: DHL_AWB_DOCUMENT_pdf.exe, 00000008.00000003.407277788.0000000004AB5000.00000004.00000001.sdmp, vbc.exe
Source: Binary string: c:\Projects\VS2005\mailpv\Command-Line\mailpv.pdb source: DHL_AWB_DOCUMENT_pdf.exe, 00000008.00000003.407277788.0000000004AB5000.00000004.00000001.sdmp, vbc.exe
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 10_2_0040938F FindFirstFileW,FindNextFileW,wcslen,wcslen,10_2_0040938F
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 10_2_00408CAC FindFirstFileW,FindNextFileW,FindClose,10_2_00408CAC
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | Code function: 23_2_0040702D FindFirstFileA,FindNextFileA,strlen,strlen,23_2_0040702D
Source: vbc.exe | String found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook)
Source: DHL_AWB_DOCUMENT_pdf.exe, 00000008.00000002.616495214.0000000003253000.00000004.00000001.sdmp | String found in binary or memory: http://bot.whatismyipaddress.com/
Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmp | String found in binary or memory: http://fontfabrik.com
Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.350023260.0000000005BDD000.00000004.00000001.sdmp | String found in binary or memory: http://fontfabrik.com1
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://ocsp.pki.goog/gsr202
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://ocsp.pki.goog/gts1o1core0
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://pki.goog/gsr2/GTS1O1.crt0
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://pki.goog/gsr2/GTS1O1.crt0#
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://pki.goog/gsr2/GTS1O1.crt0M
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://pki.goog/gsr2/GTSGIAG3.crt0)
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000008.00000002.616495214.0000000003253000.00000004.00000001.sdmpString found in binary or memory: http://pomf.cat/upload.php
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.411663887.0000000003DF4000.00000004.00000001.sdmp, DHL_AWB_DOCUMENT_pdf.exe, 00000008.00000002.613924819.0000000000402000.00000040.00000001.sdmpString found in binary or memory: http://pomf.cat/upload.php&https://a.pomf.cat/
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000008.00000002.616495214.0000000003253000.00000004.00000001.sdmpString found in binary or memory: http://pomf.cat/upload.phpCContent-Disposition:
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.409575896.0000000002CF1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/_h/2366737e/webcore/externalscripts/oneTrust/ski
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/_h/5445db85/webcore/externalscripts/oneTrust/de-
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/_h/975a7d20/webcore/externalscripts/jquery/jquer
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/de-ch/homepage/_sc/css/3bf20fde-50425371/directi
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/de-ch/homepage/_sc/css/f60532dd-3aac3bb8/directi
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/de-ch/homepage/_sc/js/3bf20fde-2923b6c2/directio
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/de-ch/homepage/_sc/js/3bf20fde-b532f4eb/directio
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/de-ch/homepage/_sc/js/f60532dd-2923b6c2/directio
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/de-ch/homepage/_sc/js/f60532dd-f8dd99d9/directio
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/11/755f86.png
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/64/a8a064.gif
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/81/58b810.gif
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/86/2042ed.woff
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/9b/e151e5.gif
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/ea/4996b9.woff
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AA61Ofl.img?h=16&w=16&m
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AA7XCQ3.img?h=16&w=16&m
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AABzUSt.img?h=368&w=622
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADsAOZ.img?h=333&w=311
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADsZuW.img?h=166&w=310
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuTp7.img?h=333&w=311
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADuZko.img?h=75&w=100&
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADv4Ge.img?h=75&w=100&
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADv842.img?h=250&w=300
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADv9IZ.img?h=75&w=100&
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvbPR.img?h=250&w=300
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvbce.img?h=166&w=310
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvhNP.img?h=166&w=310
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvhax.img?h=166&w=310
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvqEs.img?h=166&w=310
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvuGs.img?h=333&w=311
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AADvzqT.img?h=166&w=310
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAyuliQ.img?h=16&w=16&m
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAzjSw3.img?h=16&w=16&m
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16g6qc.img?h=27&w=27&
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB17milU.img?h=16&w=16&
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB18T33l.img?h=333&w=31
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xDME.img?h=75&w=100
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xGDT.img?h=166&w=31
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xMWp.img?h=75&w=100
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xaUu.img?h=166&w=31
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xssM.img?h=75&w=100
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19xzm6.img?h=250&w=30
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yF6n.img?h=333&w=31
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yFoT.img?h=75&w=100
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yG8H.img?h=166&w=31
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yKf2.img?h=75&w=100
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19ylKx.img?h=75&w=100
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yuvA.img?h=250&w=30
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB19yxVU.img?h=166&w=31
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1kc8s.img?m=6&o=true&
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB6Ma4a.img?h=16&w=16&m
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB7hjL.img?h=16&w=16&m=
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBMQmHU.img?h=16&w=16&m
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBMVUFn.img?h=16&w=16&m
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBO5Geh.img?h=16&w=16&m
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBPfCZL.img?h=27&w=27&m
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBRUB0d.img?h=16&w=16&m
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBS0Ogx.img?h=75&w=100&
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBVuaWG.img?h=16&w=16&m
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBVuddh.img?h=16&w=16&m
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBWoHwx.img?h=27&w=27&m
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBX2afX.img?h=27&w=27&m
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBih5H.img?m=6&o=true&u
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBkwUr.img?h=16&w=16&m=
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBnYSFZ.img?h=16&w=16&m
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BByBEMv.img?h=16&w=16&m
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.406489410.0000000005BA0000.00000004.00000001.sdmpString found in binary or memory: http://www.agfamonotype.D
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.409575896.0000000002CF1000.00000004.00000001.sdmpString found in binary or memory: http://www.collada.org/2005/11/COLLADASchema9Done
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.358176831.0000000005BBF000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.359159942.0000000005BB2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html(
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.361351607.0000000005BA6000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comals
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.361351607.0000000005BA6000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comalsF
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.361351607.0000000005BA6000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comalsL
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.406489410.0000000005BA0000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.como?
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.406489410.0000000005BA0000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comttvaE
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.349317588.0000000005BDD000.00000004.00000001.sdmpString found in binary or memory: http://www.fonts.com
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.349317588.0000000005BDD000.00000004.00000001.sdmpString found in binary or memory: http://www.fonts.com8
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.352865117.0000000005BA6000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.c
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.352050203.0000000005BB1000.00000004.00000001.sdmp, DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.351567372.0000000005BA3000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.351461656.0000000005BA3000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cnF
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.352050203.0000000005BB1000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cnaF
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.351567372.0000000005BA3000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cnrmX
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.351567372.0000000005BA3000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cnt-b
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.355152421.0000000005BA6000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.355814566.0000000005BA6000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/)
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.355152421.0000000005BA6000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp//typ?
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.355814566.0000000005BA6000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/://w
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.355381871.0000000005BA6000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/L
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.355152421.0000000005BA6000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y0
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.354690233.0000000005BA6000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/a
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.355381871.0000000005BA6000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/h
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.355381871.0000000005BA6000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.355152421.0000000005BA6000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/a
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.355381871.0000000005BA6000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/s/t
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.355814566.0000000005BA6000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/w
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.355152421.0000000005BA6000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/~
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://www.msn.com
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://www.msn.com/
                Source: vbc.exe, 0000000A.00000003.426541326.0000000002191000.00000004.00000001.sdmp, bhvFA16.tmp.10.drString found in binary or memory: http://www.msn.com/?ocid=iehp
                Source: vbc.exe, 0000000A.00000003.427396423.00000000021AE000.00000004.00000001.sdmp, vbc.exe, 0000000A.00000003.426355600.00000000021AD000.00000004.00000001.sdmp, vbc.exe, 0000000A.00000003.425913164.00000000021A3000.00000004.00000001.sdmp, vbc.exe, 0000000A.00000003.425947836.00000000021AD000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com/?ocid=iehphttp://www.msn.com/http://www.msn.com/de-ch/?ocid=iehphttp://www.msn.co
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://www.msn.com/de-ch/?ocid=iehp
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://www.msn.com/de-ch/entertainment/_h/c920645c/webcore/externalscripts/oneTrustV2/consent/55a804
                Source: bhvFA16.tmp.10.drString found in binary or memory: http://www.msn.com/de-ch/entertainment/_h/c920645c/webcore/externalscripts/oneTrustV2/scripttemplate
                Source: vbc.exe, 0000000A.00000002.428156905.000000000019C000.00000004.00000001.sdmpString found in binary or memory: http://www.nirsoft.net
                Source: vbc.exe, vbc.exe, 00000017.00000002.551755492.0000000000400000.00000040.00000001.sdmpString found in binary or memory: http://www.nirsoft.net/
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.348950847.000000000146D000.00000004.00000001.sdmp, DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.348950847.000000000146D000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.comenznd
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.348950847.000000000146D000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.comiv
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.356464733.0000000005BBF000.00000004.00000001.sdmpString found in binary or memory: http://www.sakkal.com
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.356383567.0000000005BBF000.00000004.00000001.sdmpString found in binary or memory: http://www.sakkal.comc
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.352624849.0000000005BA4000.00000004.00000001.sdmpString found in binary or memory: http://www.tiro.
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.tiro.com
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.typography.netD
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.357827016.0000000005BBF000.00000004.00000001.sdmp, DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.361646762.0000000005BBF000.00000004.00000001.sdmpString found in binary or memory: http://www.urwpp.de
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000003.357827016.0000000005BBF000.00000004.00000001.sdmpString found in binary or memory: http://www.urwpp.dep(
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.415301758.0000000006DB2000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                Source: bhvFA16.tmp.10.drString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=9774759596232;g
                Source: vbc.exe, 0000000A.00000003.427396423.00000000021AE000.00000004.00000001.sdmp, vbc.exe, 0000000A.00000003.426355600.00000000021AD000.00000004.00000001.sdmp, vbc.exe, 0000000A.00000002.428619923.00000000021B0000.00000004.00000001.sdmp, bhvFA16.tmp.10.drString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=30055406629
                Source: bhvFA16.tmp.10.drString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=7859736
                Source: DHL_AWB_DOCUMENT_pdf.exe, 00000008.00000002.616495214.0000000003253000.00000004.00000001.sdmpString found in binary or memory: https://a.pomf.cat/
                Source: bhvFA16.tmp.10.drString found in binary or memory: https://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=3005540662929;gt
                Source: vbc.exe, 0000000A.00000003.426179059.0000000002191000.00000004.00000001.sdmp, bhvFA16.tmp.10.drString found in binary or memory: https://adservice.google.com/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=3005540662929;gtm=
                Source: bhvFA16.tmp.10.drString found in binary or memory: https://amp.azure.net/libs/amp/1.8.0/azuremediaplayer.min.js
                Source: bhvFA16.tmp.10.drString found in binary or memory: https://arc.msn.com/v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=314559&adm=
                Source: bhvFA16.tmp.10.drString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC54c8a2b02c3446f48a60b41e8a5ff47
                Source: bhvFA16.tmp.10.drString found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4d1d9f749fd3/434d91f2e635/RC5bdddb231cf54f958a5b6e76e9d8eee

                Key, Mouse, Clipboard, Microphone and Screen Capturing:

                Yara detected HawkEye Keylogger
                Source: Yara match, File source: 0.2.DHL_AWB_DOCUMENT_pdf.exe.420e300.3.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 8.2.DHL_AWB_DOCUMENT_pdf.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0.2.DHL_AWB_DOCUMENT_pdf.exe.420e300.3.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0.2.DHL_AWB_DOCUMENT_pdf.exe.402ac80.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000000.00000002.411663887.0000000003DF4000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match, File source: 00000000.00000002.413371192.0000000003F3C000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.616495214.0000000003253000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.613924819.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match, File source: Process Memory Space: DHL_AWB_DOCUMENT_pdf.exe PID: 6808, type: MEMORYSTR
                Source: Yara match, File source: Process Memory Space: DHL_AWB_DOCUMENT_pdf.exe PID: 5584, type: MEMORYSTR
                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe, Code function: 10_2_0040F078 OpenClipboard, GetLastError, DeleteFileW, 10_2_0040F078

                System Summary: