Windows Analysis Report DHL_AWB_DOCUMENT_pdf.exe

Overview

General Information

Sample Name: DHL_AWB_DOCUMENT_pdf.exe
Analysis ID: 500851
MD5: 1b20cc08d2181fb763011894d429ad46
SHA1: 7ace5eee56eec0bfd4d365999795e3773513084e
SHA256: de1730eddefee2b8d8193d92b02fc5a3fd1bf6d54c6f55eff53c85c8a2501a79
Tags: DHL, exe, HawkEye

Detection

HawkEye MailPassView
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected MailPassView
Yara detected HawkEye Keylogger
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Detected HawkEye Rat
Sample uses process hollowing technique
Initial sample is a PE file and has a suspicious name
.NET source code references suspicious native API functions
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to steal Mail credentials (via file registry)
.NET source code contains potential unpacker
Yara detected WebBrowserPassView password recovery tool
Tries to steal Mail credentials (via file access)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Uses schtasks.exe or at.exe to add and modify task schedules
Tries to steal Instant Messenger accounts or passwords
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Yara detected Credential Stealer
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Enables debug privileges
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Process Tree

  • System is w10x64
  • DHL_AWB_DOCUMENT_pdf.exe (PID: 3220 cmdline: 'C:\Users\user\Desktop\DHL_AWB_DOCUMENT_pdf.exe' MD5: 1B20CC08D2181FB763011894D429AD46)
    • schtasks.exe (PID: 4308 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\lgrlEexTAQO' /XML 'C:\Users\user\AppData\Local\Temp\tmp9820.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 5044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • DHL_AWB_DOCUMENT_pdf.exe (PID: 1928 cmdline: C:\Users\user\Desktop\DHL_AWB_DOCUMENT_pdf.exe MD5: 1B20CC08D2181FB763011894D429AD46)
      • vbc.exe (PID: 1284 cmdline: 'C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext 'C:\Users\user\AppData\Local\Temp\tmp2B6B.tmp' MD5: C63ED21D5706A527419C9FBD730FFB2E)
      • vbc.exe (PID: 6108 cmdline: 'C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /stext 'C:\Users\user\AppData\Local\Temp\tmp25DA.tmp' MD5: C63ED21D5706A527419C9FBD730FFB2E)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000008.00000003.283675051.0000000004D45000.00000004.00000001.sdmp | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security
00000008.00000003.283675051.0000000004D45000.00000004.00000001.sdmp | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security
00000000.00000002.289239450.0000000003EF9000.00000004.00000001.sdmp | MAL_HawkEye_Keylogger_Gen_Dec18 | Detects HawkEye Keylogger Reborn | Florian Roth
  • 0x88196:$s1: HawkEye Keylogger
  • 0x881ff:$s1: HawkEye Keylogger
  • 0x815d9:$s2: _ScreenshotLogger
  • 0x815a6:$s3: _PasswordStealer
00000000.00000002.289239450.0000000003EF9000.00000004.00000001.sdmp | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security
00000000.00000002.289625534.0000000004045000.00000004.00000001.sdmp | MAL_HawkEye_Keylogger_Gen_Dec18 | Detects HawkEye Keylogger Reborn | Florian Roth
  • 0x3548fe:$s1: HawkEye Keylogger
  • 0x354967:$s1: HawkEye Keylogger
  • 0x34dd41:$s2: _ScreenshotLogger
  • 0x34dd0e:$s3: _PasswordStealer

Unpacked PEs

Source | Rule | Description | Author | Strings
26.2.vbc.exe.400000.0.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth
  • 0x147b0:$a1: logins.json
  • 0x14710:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
  • 0x14f34:$s4: \mozsqlite3.dll
  • 0x137a4:$s5: SMTP Password
26.2.vbc.exe.400000.0.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security
8.2.DHL_AWB_DOCUMENT_pdf.exe.5910000.5.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth
  • 0x6b4fa:$a1: logins.json
  • 0x6b45a:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
  • 0x6bc7e:$s4: \mozsqlite3.dll
  • 0x6a4ee:$s5: SMTP Password
8.2.DHL_AWB_DOCUMENT_pdf.exe.5910000.5.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security
8.2.DHL_AWB_DOCUMENT_pdf.exe.5910000.5.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Source: 8.2.DHL_AWB_DOCUMENT_pdf.exe.400000.0.unpack Avira: Label: TR/Dropper.Gen
Source: DHL_AWB_DOCUMENT_pdf.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: DHL_AWB_DOCUMENT_pdf.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: c:\Projects\VS2005\WebBrowserPassView\Command-Line\WebBrowserPassView.pdb source: DHL_AWB_DOCUMENT_pdf.exe, 00000008.00000003.283675051.0000000004D45000.00000004.00000001.sdmp, vbc.exe
Source: Binary string: c:\Projects\VS2005\mailpv\Command-Line\mailpv.pdb source: DHL_AWB_DOCUMENT_pdf.exe, 00000008.00000003.283675051.0000000004D45000.00000004.00000001.sdmp, vbc.exe
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe Code function: 13_2_0040938F FindFirstFileW,FindNextFileW,wcslen,wcslen,13_2_0040938F
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe Code function: 13_2_00408CAC FindFirstFileW,FindNextFileW,FindClose,13_2_00408CAC
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe Code function: 26_2_0040702D FindFirstFileA,FindNextFileA,strlen,strlen,26_2_0040702D
Source: DHL_AWB_DOCUMENT_pdf.exe, 00000008.00000003.283675051.0000000004D45000.00000004.00000001.sdmp, vbc.exe, 0000000D.00000002.302901584.0000000000400000.00000040.00000001.sdmp String found in binary or memory: @dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.datSoftware\Microsoft\Internet Explorer\IntelliForms\Storage2https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook)
Source: DHL_AWB_DOCUMENT_pdf.exe, 00000008.00000003.283675051.0000000004D45000.00000004.00000001.sdmp, vbc.exe, 0000000D.00000002.302901584.0000000000400000.00000040.00000001.sdmp String found in binary or memory: @dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.datSoftware\Microsoft\Internet Explorer\IntelliForms\Storage2https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo)
Source: vbc.exe String found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook)
Source: DHL_AWB_DOCUMENT_pdf.exe, 00000008.00000002.513184627.00000000034E3000.00000004.00000001.sdmp String found in binary or memory: http://bot.whatismyipaddress.com/
Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.293702305.0000000006E42000.00000004.00000001.sdmp String found in binary or memory: http://fontfabrik.com
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://images.outbrainimg.com/transform/v3/eyJpdSI6IiIsIml1ZSI6Imh0dHA6Ly9pbWFnZXMyLnplbWFudGEuY29tL
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://images.outbrainimg.com/transform/v3/eyJpdSI6IjE4MmE0M2M0MDY3OGU1N2E4MjhkM2NjNDdlNGMzZmNkYjU1N
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://images.outbrainimg.com/transform/v3/eyJpdSI6Ijc4NDFiMmZlNWMxZGU2M2JkNDdjMGQzZWI3NjIzYjlkNWU5N
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://images.outbrainimg.com/transform/v3/eyJpdSI6ImY3MDA1MDJkMTdmZDY0M2VkZTBjNzg5MTE1OWEyYTYxMWRiN
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA7XCQ3?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuG4N?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuQtg?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=jp
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuTly?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=jp
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuTp7?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jp
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuY5J?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=jp
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuZko?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADuqZ9?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADv4Ge?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jpg
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADv842?h=250&w=300&m=6&q=60&u=t&o=t&l=f&f=jp
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADvbPR?h=250&w=300&m=6&q=60&u=t&o=t&l=f&f=jp
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADvbce?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=jp
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AADvrrg?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=jp
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAyXiwM?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAyuliQ?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAzjSw3?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB16g6qc?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB18T33l?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=j
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB18qTPD?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19x3nX?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=j
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19xGDT?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=j
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19xJbM?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jp
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19xaUu?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=j
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19yF6n?h=333&w=311&m=6&q=60&u=t&o=t&l=f&f=j
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19yHSm?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jp
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19yKf2?h=250&w=300&m=6&q=60&u=t&o=t&l=f&f=j
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19ylKx?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jp
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19yqHP?h=75&w=100&m=6&q=60&u=t&o=t&l=f&f=jp
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19yuvA?h=250&w=300&m=6&q=60&u=t&o=t&l=f&f=j
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB19yxVU?h=166&w=310&m=6&q=60&u=t&o=t&l=f&f=j
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB46JmN?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB6Ma4a?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBO5Geh?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBPfCZL?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBRUB0d?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBVuddh?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBWoHwx?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBX2afX?h=27&w=27&m=6&q=60&u=t&o=t&l=f&f=png
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBi9v6?m=6&o=true&u=true&n=true&w=30&h=30
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBih5H?m=6&o=true&u=true&n=true&w=30&h=30
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBkwUr?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBnYSFZ?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BByBEMv?h=16&w=16&m=6&q=60&u=t&o=t&l=f&f=png
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://ocsp.digicert.com0
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://ocsp.digicert.com0:
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://ocsp.digicert.com0B
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://ocsp.digicert.com0E
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://ocsp.digicert.com0F
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://ocsp.digicert.com0K
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://ocsp.digicert.com0M
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://ocsp.digicert.com0R
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://ocsp.globalsign.com/rootr103
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://ocsp.msocsp.com0
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://ocsp.pki.goog/GTSGIAG30
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://ocsp.pki.goog/gsr202
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://ocsp.pki.goog/gts1o1core0
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://ocsp2.globalsign.com/cloudsslsha2g30V
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://pki.goog/gsr2/GTS1O1.crt0
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://pki.goog/gsr2/GTS1O1.crt0#
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://pki.goog/gsr2/GTS1O1.crt0M
              Source: bhv2B6.tmp.13.drString found in binary or memory: http://pki.goog/gsr2/GTSGIAG3.crt0)
              Source: DHL_AWB_DOCUMENT_pdf.exe, 00000008.00000002.513184627.00000000034E3000.00000004.00000001.sdmp String found in binary or memory: http://pomf.cat/upload.php
              Source: DHL_AWB_DOCUMENT_pdf.exe, 00000000.00000002.289239450.0000000003EF9000.00000004.00000001.sdmp, DHL_AWB_DOCUMENT_pdf.exe, 00000008.00000002.505655633.0000000000402000.00000040.00000001.sdmp String found in binary or memory: http://pomf.cat/upload.php&https://a.pomf.cat/
              Source: DHL_AWB_DOCUMENT_pdf.exe, 00000008.00000002.513184627.00000000034E3000.00000004.00000001.sdmp String found in binary or memory: http://pomf.cat/upload.phpCContent-Disposition:
              Source: vbc.exe, 0000000D.00000002.302827463.000000000019C000.00000004.00000001.sdmp String found in binary or memory: http://www.nirsoft.net
              Source: vbc.exe, vbc.exe, 0000001A.00000002.429178669.0000000000400000.00000040.00000001.sdmp String found in binary or memory: http://www.nirsoft.net/
              Source: DHL_AWB_DOCUMENT_pdf.exe, 00000008.00000002.513184627.00000000034E3000.00000004.00000001.sdmp String found in binary or memory: https://a.pomf.cat/
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9vAA.woff
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Me5g.woff
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_333%2Cw_311%2Cc_fill%2Cg_faces:aut
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4DnuZ
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4Dnv6
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4Dnwt
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4DsDH
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4FBmQ
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4FBmV
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4FBmZ
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4FGwC
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4n1yl
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4n4cm
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4ncJ7
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4ncJa
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4nqTh
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4sQww?ver=37ff
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tD2S
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tG3O
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tIoW
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tIoY
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tKUA
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tMOD
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tMOM
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tQVa
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4u1kF
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4ubMD
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqj5
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4zuiC
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RWeTGO?ver=8c74&q=90&m=
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
              Source: vbc.exe, 0000000D.00000003.300550780.0000000002253000.00000004.00000001.sdmp, bhv2B6.tmp.13.drString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1601451842&rver=6.0.5286.0&wp=MBI_SSL&wre
              Source: vbc.exe, 0000000D.00000003.301789018.000000000273B000.00000004.00000001.sdmp, vbc.exe, 0000000D.00000003.300550780.0000000002253000.00000004.00000001.sdmp, vbc.exe, 0000000D.00000003.300565944.000000000225E000.00000004.00000001.sdmp, bhv2B6.tmp.13.drString found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e
              Source: vbc.exeString found in binary or memory: https://login.yahoo.com/config/login
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://logincdn.msauth.net/16.000.28230.00/MeControl.js
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://mem.gfx.ms/me/MeControl/10.19168.0/en-US/meBoot.min.js
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://mem.gfx.ms/me/MeControl/10.19168.0/en-US/meCore.min.js
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://mem.gfx.ms/meversion?partner=RetailStore2&market=en-us&uhf=1
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://mwf-service.akamaized.net/mwf/css/bundle/1.57.0/west-european/default/mwf-main.min.css
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://mwf-service.akamaized.net/mwf/js/bundle/1.57.0/mwf-auto-init-main.var.min.js
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://optanon.blob.core.windows.net/skins/4.1.0/default_flat_top_two_button_black/v2/css/optanon.c
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://optanon.blob.core.windows.net/skins/4.1.0/default_flat_top_two_button_black/v2/images/cookie
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://pki.goog/repository/0
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://play.google.com/intl/en_us/badges/images/generic/de_badge_web_generic.png
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://prod-video-cms-rt-microsoft-com.akamaized.net/vhs/api/videos/RE4sQBc
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://srtb.msn.com/auction?a=de-ch&b=623d43496a394c99b1336ff5cc139eb9&c=MSN&d=http%3A%2F%2Fwww.msn
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://statics-marketingsites-neu-ms-com.akamaized.net/statics/override.css?c=7
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.digicert.com/CPS0
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.globalsign.com/repository/0
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google-analytics.com/analytics.js
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google-analytics.com/gtm/js?id=GTM-N7S69J3&cid=299872286.1601476511
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/
              Source: vbc.exeString found in binary or memory: https://www.google.com/accounts/servicelogin
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/application/x-msdownloadC:
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/css/main.v2.min.css
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/css/main.v3.min.css
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/app-store-download.png
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/chrome-logo.svg
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/chrome_safari-behavior.jpg
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/chrome_throbber_fast.gif
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/cursor-replay.cur
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/download-browser/big_pixel_phone.png
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/download-browser/pixel_phone.png
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/download-browser/pixel_tablet.png
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/fallback/google-chrome-logo.jpg
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/fallback/google-logo-one-color.jpg
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/fallback/icon-description-white-blue-bg.jpg
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/fallback/icon-fb.jpg
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/fallback/icon-file-download.jpg
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/fallback/icon-help.jpg
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/fallback/icon-twitter.jpg
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/fallback/icon-youtube.jpg
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/folder-applications.svg
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/google-play-download.png
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/homepage/google-beta.png
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/homepage/google-canary.png
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/homepage/google-dev.png
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/homepage/google-enterprise.png
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/homepage/hero-anim-bottom-left.png
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/homepage/hero-anim-middle.png
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/homepage/hero-anim-top-right.png
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/homepage/homepage_features.png
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/homepage/homepage_privacy.png
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/homepage/homepage_tools.png
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/homepage/laptop_desktop.png
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/icon-announcement.svg
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/icon-file-download.svg
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/mac-ico.png
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/images/thank-you/thankyou-animation.json
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/js/installer.min.js
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/static/js/main.v2.min.js
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.googleadservices.com/pagead/conversion.js
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.googleadservices.com/pagead/conversion_async.js
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.googleadservices.com/pagead/p3p.xml
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-26908291-4
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.googletagmanager.com/gtm.js?id=GTM-PZ6TRJB
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.gstatic.com/external_hosted/autotrack/autotrack.js
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.gstatic.com/external_hosted/lottie/lottie.js
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.gstatic.com/external_hosted/modernizr/modernizr.js
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.gstatic.com/external_hosted/scrollmagic/ScrollMagic.min.js
              Source: bhv2B6.tmp.13.drString found in binary or memory: https://www.gstatic.com/external_hosted/scrollmagic/animation.gsap.min.js

              Key, Mouse, Clipboard, Microphone and Screen Capturing:

              Yara detected HawkEye Keylogger
              Source: Yara match, File source: 0.2.DHL_AWB_DOCUMENT_pdf.exe.4311cd0.3.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 8.2.DHL_AWB_DOCUMENT_pdf.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 0.2.DHL_AWB_DOCUMENT_pdf.exe.4311cd0.3.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 0.2.DHL_AWB_DOCUMENT_pdf.exe.412ca50.2.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 00000000.00000002.289239450.0000000003EF9000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match, File source: 00000000.00000002.289625534.0000000004045000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match, File source: 00000008.00000002.505655633.0000000000402000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match, File source: 00000008.00000002.513331493.0000000003540000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match, File source: Process Memory Space: DHL_AWB_DOCUMENT_pdf.exe PID: 3220, type: MEMORYSTR
              Source: Yara match, File source: Process Memory Space: DHL_AWB_DOCUMENT_pdf.exe PID: 1928, type: MEMORYSTR
              Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe, Code function: 13_2_0040F078 OpenClipboard,GetLastError,DeleteFileW,13_2_0040F078

              System Summary:

              Malicious sample detected (through community Yara rule)