Play interactive tour

Edit tour

Windows Analysis Report mATFWhYtPk

Overview

General Information

Sample Name:	mATFWhYtPk (renamed file extension from none to dll)
Analysis ID:	533067
MD5:	70798426016c93e3d52363c8a902333f
SHA1:	02f29a5c7e7f8230b86d26b36757c1aaa968dde7
SHA256:	5e3bcb83c60c7d06d42822afe1d36c3b0f866ef678935c5903cda936009713a1
Tags:	32dllexetrojan
Infos:
Most interesting Screenshot:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Tries to detect virtualization through RDTSC time measurements

Hides that the sample has been downloaded from the Internet (zone.identifier)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

Deletes files inside the Windows folder

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Creates files inside the system directory

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Contains functionality for execution timing, often used to detect debuggers

Sample file is different than original file name gathered from version info

PE file contains an invalid checksum

Tries to load missing DLLs

Contains functionality to read the PEB

Drops PE files to the windows directory (C:\Windows)

Registers a DLL

Queries disk information (often used to detect virtual machines)

Creates a process in suspended mode (likely to inject code)

Contains functionality for read data from the clipboard

Classification

Process Tree

System is w10x64

loaddll32.exe (PID: 3272 cmdline: loaddll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll" MD5: 72FCD8FB0ADC38ED9050569AD673650E)

cmd.exe (PID: 352 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

rundll32.exe (PID: 1936 cmdline: rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 4596 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

regsvr32.exe (PID: 3912 cmdline: regsvr32.exe /s C:\Users\user\Desktop\mATFWhYtPk.dll MD5: 426E7499F6A7346F0410DEAD0805586B)

rundll32.exe (PID: 3516 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

iexplore.exe (PID: 5868 cmdline: C:\Program Files\Internet Explorer\iexplore.exe MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 6044 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5868 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

rundll32.exe (PID: 2976 cmdline: rundll32.exe C:\Users\user\Desktop\mATFWhYtPk.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 5796 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Uexmfpkplvbbrf\jerrpf.tlt",SfMITlqpKAP MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 4536 cmdline: rundll32.exe C:\Users\user\Desktop\mATFWhYtPk.dll,asbiqstaeqzsycc MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 2784 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6548 cmdline: rundll32.exe C:\Users\user\Desktop\mATFWhYtPk.dll,atwuhkycfybkj MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 5812 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 5952 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

svchost.exe (PID: 6340 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 32569E403279B3FD2EDB7EBD036273FA)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: mATFWhYtPk.dll

Virustotal: Detection: 25%

Perma Link

Source: mATFWhYtPk.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: unknown	HTTPS traffic detected: 23.211.6.95:443 -> 192.168.2.6:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.95:443 -> 192.168.2.6:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.95:443 -> 192.168.2.6:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.95:443 -> 192.168.2.6:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.95:443 -> 192.168.2.6:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.95:443 -> 192.168.2.6:49803 version: TLS 1.2

Source: mATFWhYtPk.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F22B531 FindFirstFileExA,
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F22B531 FindFirstFileExA,

Source: Joe Sandbox View

JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c

Source: Joe Sandbox View

IP Address: 23.211.6.95 23.211.6.95

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800

Source: de-ch[1].htm.6.dr	String found in binary or memory: <a href="https://www.facebook.com/" target="_blank" data-piitxt="facebooklite" piiurl="https://www.facebook.com/"> equals www.facebook.com (Facebook)
Source: de-ch[1].htm.6.dr	String found in binary or memory: <a href="https://www.linkedin.com:443/news/story/gibt-es-einen-impfstoffmangel-5630362/?li=BBqfZdV" > equals www.linkedin.com (Linkedin)
Source: msapplication.xml0.4.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xf48ae3b0,0x01d7e821</date><accdate>0xf4a9e53b,0x01d7e821</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.4.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xf78f5b13,0x01d7e821</date><accdate>0xfb03e25c,0x01d7e821</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.4.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xfb502d4d,0x01d7e821</date><accdate>0xfb6f2be4,0x01d7e821</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: de-ch[1].htm.6.dr	String found in binary or memory: <link rel="preconnect" href="img-s-msn-com.akamaized.net" /><link rel="preconnect" href="c.msn.com" /><link rel="preconnect" href="c.msn.cn" /><link rel="preconnect" href="https://www.bing.com" /><link rel="preconnect" href="//browser.events.data.msn.com" /><link rel="dns-prefetch" href="img-s-msn-com.akamaized.net" /><link rel="dns-prefetch" href="c.msn.com" /><link rel="dns-prefetch" href="c.msn.cn" /><link rel="dns-prefetch" href="https://www.bing.com" /><link rel="dns-prefetch" href="//browser.events.data.msn.com" /><link rel="canonical" href="https://www.msn.com/de-ch/" /><meta name="msapplication-TileColor" content="#224f7b"/><meta name="msapplication-TileImage" content="//static-global-s-msn-com.akamaized.net/hp-neu/sc/1f/08ced4.png"/><meta name="msapplication-config" content="none"/> <title>MSN Schweiz \| Sign in Hotmail, Outlook Login, Windows Live, Office 365</title> equals www.hotmail.com (Hotmail)
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: glich.",errorFooterText:"Zu Twitter wechseln",taskLinks:"Benachrichtigungen\|https://twitter.com/i/notifications;Ich\|#;Abmelden\|#"}],xbox:[{header:"Spotlight",content:"",footerText:"Alle anzeigen",footerUrl:"",taskLinks:"me_groove_taskLinks_store\|https://www.microsoft.com/store/media/redirect/music?view=hub;me_groove_taskLinks_play\|https://aka.ms/Ixhi8e;me_groove_taskLinks_try\|https://aka.ms/msvmj1"},{header:"Meine tolle Wiedergabeliste",headerUrl:"https://aka.ms/qeqf5y",content:"",errorMessage:"",taskLinks:"me_groove_taskLinks_store\|https://www.microsoft.com/store/media/redirect/music?view=hub;me_groove_taskLinks_play\|https://aka.ms/Ixhi8e;me_groove_taskLinks_try\|https://aka.ms/msvmj1"}],bingrewards:[{header:"Pr equals www.twitter.com (Twitter)
Source: de-ch[1].htm.6.dr	String found in binary or memory: hren, die sich auf Ihren Internetdatenverkehr auswirken.<br/><br/><a href=\""+e.html(f)+'" onclick="window.location.reload(true)">Klicken Sie hier<\/a> um diese Seite erneut zu laden, oder besuchen Sie: <a href="'+i+'">'+i+"<\/a><\/p><\/div><div id='errorref'><span>Ref 1: "+e.html(o(t.clientSettings.aid))+"   Ref 2: "+e.html(t.clientSettings.sid\|\|"000000")+"   Ref 3: "+e.html((new r.Date).toUTCString())+"<\/span><\/div><\/div>"});ot({errId:1512,errMsg:n})}function ot(n){require(["track"],function(t){var i={errId:n.errId,errMsg:n.errMsg,reportingType:0};t.trackAppErrorEvent(i)})}function tt(){var n=v(arguments);a(l(n,b),n,!0)}function st(){var n=v(arguments);a(l(n,h),n)}function ht(){var n=v(arguments);a(l(n,y),n)}function ct(n){(r.console\|\|{}).timeStamp?console.timeStamp(n):(r.performance\|\|{}).mark&&r.performance.mark(n)}var w=0,it=-1,b=0,h=1,y=2,s=[],p,k,rt,o,d=!1,c=Math.random()*100<=-1;return ut(r,function(n,t,i,r){return w++,n=nt(n,t,i,r," [ENDMESSAGE]"),n&&tt("[SCRIPTERROR] "+n),!0}),c&&require(["jquery","c.deferred"],function(n){k=!0;rt=n;s.length&&g()}),{error:tt,fatalError:et,unhandledErrorCount:function(){return w},perfMark:ct,warning:st,information:ht}});require(["viewAwareInit"],function(n){n({size2row:"(min-height: 48.75em)",size1row:"(max-height: 48.74em)",size4column:"(min-width: 72em)",size3column:"(min-width: 52.313em) and (max-width: 71.99em)",size2column:"(min-width: 43.75em) and (max-width: 52.303em)",size2rowsize4column:"(min-width: 72em) and (min-height: 48.75em)",size2rowsize3column:"(min-width: 52.313em) and (max-width: 71.99em) and (min-height: 48.75em)",size2rowsize2column:"(max-width: 52.303em) and (min-height: 48.75em)",size1rowsize4column:"(min-width: 72em) and (max-height: 48.74em)",size1rowsize3column:"(min-width: 52.313em) and (max-width: 71.99em) and (max-height: 48.74em)",size1rowsize2column:"(max-width: 52.303em) and (max-height: 48.74em)"})});require(["deviceInit"],function(n){n({AllowTransform3d:"false",AllowTransform2d:"true",RtlScrollLeftAdjustment:"none",ShowMoveTouchGestures:"true",SupportFixedPosition:"true",UseCustomMatchMedia:null,Viewport_Behavior:"Default",Viewport_Landscape:null,Viewport:"width=device-width,initial-scale=1.0",IsMobileDevice:"false"})})</script><meta property="sharing_url" content="https://www.msn.com/de-ch"/><meta property="og:url" content="https://www.msn.com/de-ch/"/><meta property="og:title" content="MSN Schweiz \| Sign in Hotmail, Outlook Login, Windows Live, Office 365"/><meta property="twitter:card" content="summary_large_image"/><meta property="og:type" content="website"/><meta property="og:site_name" content="MSN"/><meta property="og:image" content="https://static-global-s-msn-com.akamaized.net/hp-neu/sc/c6/519670.jpg"/><link rel="shortcut icon" href="//static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico" /><style>@media screen and (max-width:78.99em) and (min-width:58.875em){.layout-none:not(.mod1) .pos2{left:0}}.ie8 .grid .pick4~li.pick
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: pfen Sie Ihr Skype-Konto und Ihr Microsoft-Konto.",continueButtonText:"Weiter",learnMoreText:"Hilfe",learnMoreUrl:"https://support.skype.com",callMessageText:"Anruf",fileMessageText:"Datei gesendet",videoMessageText:"Videonachricht",contactMessageText:"Kontakt gesendet"}],jsskype:[{},{}],facebookLite:[{},{likeUrl:"https://www.facebook.com/msnch"}],twitter:[{header:"Twitter",content:"Rufen Sie Ihre Twitter-Updates ab",footerText:"Anmelden",footerUrl:"https://twitter.com",requestTimeout:"10000",taskLinks:""},{header:"Tweets",headerUrl:"https://twitter.com",content:"Laden ...",noContent:"Ihre Timeline ist derzeit leer",errorMessage:"Anmelden bei Twitter nicht m equals www.facebook.com (Facebook)
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: pfen Sie Ihr Skype-Konto und Ihr Microsoft-Konto.",continueButtonText:"Weiter",learnMoreText:"Hilfe",learnMoreUrl:"https://support.skype.com",callMessageText:"Anruf",fileMessageText:"Datei gesendet",videoMessageText:"Videonachricht",contactMessageText:"Kontakt gesendet"}],jsskype:[{},{}],facebookLite:[{},{likeUrl:"https://www.facebook.com/msnch"}],twitter:[{header:"Twitter",content:"Rufen Sie Ihre Twitter-Updates ab",footerText:"Anmelden",footerUrl:"https://twitter.com",requestTimeout:"10000",taskLinks:""},{header:"Tweets",headerUrl:"https://twitter.com",content:"Laden ...",noContent:"Ihre Timeline ist derzeit leer",errorMessage:"Anmelden bei Twitter nicht m equals www.twitter.com (Twitter)
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: ter erneut.",viewInboxErrorMessage:"Wenn beim Anzeigen Ihres Posteingangs weiterhin ein Problem auftritt, besuchen Sie",taskLinks:"Verfassen\|https://outlook.live.com/mail/deeplink/compose;Kalender\|https://outlook.live.com/calendar",piiText:"Read Outlook Email",piiUrl:"http://www.hotmail.msn.com/pii/ReadOutlookEmail/"}],office:[{header:"Office",content:"Zeigen Sie Ihre zuletzt verwendeten Dokumente an oder erstellen Sie kostenlos mit Office Online ein neues.",footerText:"Anmelden",footerUrl:"[[signin]]",ssoAutoRefresh:!0,taskLinks:"Word Online\|https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel Online\|https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway\|https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoint Online\|https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site"},{header:"Aktuelle Dokumente",headerUrl:"https://onedrive.live.com/#qt=mru",content:"Wird geladen ...",noContent:"Dieser Ordner ist leer. Klicken Sie unten, um ein neues Dokument zu erstellen.",errorMessage:"Keine Verbindung mit Office Online m equals www.hotmail.com (Hotmail)

Source: svchost.exe, 0000000C.00000002.911297448.0000020000062000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: svchost.exe, 0000000C.00000002.911297448.0000020000062000.00000004.00000001.sdmp	String found in binary or memory: http://crl.ver)
Source: de-ch[1].htm.6.dr	String found in binary or memory: http://ogp.me/ns#
Source: de-ch[1].htm.6.dr	String found in binary or memory: http://ogp.me/ns/fb#
Source: {F0A62C50-5414-11EC-90E5-ECF4BB2D2496}.dat.4.dr, ~DFF3249FCAE5CBA117.TMP.4.dr	String found in binary or memory: http://searchads.msn.net/.cfm?&&kp=1&
Source: imagestore.dat.6.dr	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
Source: msapplication.xml.4.dr	String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.4.dr	String found in binary or memory: http://www.google.com/
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: http://www.hotmail.msn.com/pii/ReadOutlookEmail/
Source: msapplication.xml2.4.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.4.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.4.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.4.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.4.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.4.dr	String found in binary or memory: http://www.youtube.com/
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://amzn.to/2TTxhNg
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://apps.apple.com/ch/app/microsoft-news/id945416273?pt=80423&ct=prime_footer&mt=8
Source: 55a804ab-e5c6-4b97-9319-86263d365d28[2].json.6.dr	String found in binary or memory: https://assets.msn.com/staticsb/statics/latest/oneTrust/1.2/consent/55a804ab-e5c6-4b97-9319-86263d36
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://browser.events.data.msn.com/OneCollector/1.0/t.js?qsp=true&anoncknm=%22%22&name=%22MS.News.W
Source: 55a804ab-e5c6-4b97-9319-86263d365d28[2].json.6.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/googleData.json
Source: 55a804ab-e5c6-4b97-9319-86263d365d28[2].json.6.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/iabData.json
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_office&
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_store&m
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_promotionalstripe_na
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://client-s.gateway.messenger.live.com
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://clkde.tradedoubler.com/click?p=273363&a=3064090&g=24940322
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://clkde.tradedoubler.com/click?p=295926&a=3064090&g=24886692
Source: ~DFF3249FCAE5CBA117.TMP.4.dr	String found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&http
Source: {F0A62C50-5414-11EC-90E5-ECF4BB2D2496}.dat.4.dr, ~DFF3249FCAE5CBA117.TMP.4.dr	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
Source: {F0A62C50-5414-11EC-90E5-ECF4BB2D2496}.dat.4.dr, ~DFF3249FCAE5CBA117.TMP.4.dr	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
Source: iab2Data[1].json.6.dr	String found in binary or memory: https://doceree.com/.well-known/deviceStorage.json
Source: iab2Data[1].json.6.dr	String found in binary or memory: https://doceree.com/us-privacy-policy/
Source: iab2Data[1].json.6.dr	String found in binary or memory: https://evorra.com/product-privacy-policy/
Source: 55a804ab-e5c6-4b97-9319-86263d365d28[2].json.6.dr	String found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1638488541&rver=7.0.6730.0&am
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://login.live.com/logout.srf?ct=1638488542&rver=7.0.6730.0&lc=1033&id=1184&lru=
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://login.live.com/me.srf?wa=wsignin1.0&rpsnv=13&ct=1638488541&rver=7.0.6730.0&w
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://login.skype.com/login/oauth/microsoft?client_id=738133
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://msasg.visualstudio.com/Shared%20Data/_git/1DS.JavaScript?version=GBnubenja%2Fcustom-package
Source: iab2Data[1].json.6.dr	String found in binary or memory: https://nextmillennium.io/privacy-policy/
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://onedrive.live.com/#qt=mru
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://onedrive.live.com/?qt=allmyphotos;Aktuelle
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://onedrive.live.com/?qt=mru;Aktuelle
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://onedrive.live.com/?qt=mru;OneDrive-App
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://onedrive.live.com/about/en/download/
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://onedrive.live.com;Fotos
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://onedrive.live.com;OneDrive-App
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://onedrive.live.com?wt.mc_id=oo_msn_msnhomepage_header
Source: iab2Data[1].json.6.dr	String found in binary or memory: https://optimise-it.de/datenschutz
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://outlook.com/
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://outlook.live.com/calendar
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://outlook.live.com/mail/deeplink/compose;Kalender
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://play.google.com/intl/en_us/badges/images/generic/de_badge_web_generic.png"
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://play.google.com/store/apps/details?id=com.microsoft.amp.apps.bingnews&hl=de-ch&refer
Source: {F0A62C50-5414-11EC-90E5-ECF4BB2D2496}.dat.4.dr, ~DFF3249FCAE5CBA117.TMP.4.dr	String found in binary or memory: https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://secure.adnxs.com/clktrb?id=764680&t=1
Source: iab2Data[1].json.6.dr	String found in binary or memory: https://silvermob.com/privacy
Source: iab2Data[1].json.6.dr	String found in binary or memory: https://smartyads.com/privacy-policy
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-shoppingstripe-nav
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://sp.booking.com/index.html?aid=1589774&label=travelnavlink
Source: imagestore.dat.6.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-neu/sc/c6/519670.jpg
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AARlHk9.img?h=368&
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB12jAN6.img?h=27&
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1aXBV1.img?h=27&
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1cEP3G.img?h=27&
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB1cG73h.img?h=27&
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBPfCZL.img?h=27&w
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBX2afX.img?h=27&w
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://support.skype.com
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://tools.applemediaservices.com/api/badges/download-on-the-app-store/black/de-de?"
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://twitter.com/
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://twitter.com/i/notifications;Ich
Source: iab2Data[1].json.6.dr	String found in binary or memory: https://www.bidstack.com/privacy-policy/
Source: iab2Data[1].json.6.dr	String found in binary or memory: https://www.botman.ninja/privacy-policy
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.ebay.ch/?mkcid=1&mkrid=5222-53480-19255-0&siteid=193&campid=5338626668&t
Source: imagestore.dat.6.dr	String found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.linkedin.com:443/news/story/gibt-es-einen-impfstoffmangel-5630362/?li=BBqfZdV
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.msn.com/de-ch
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.msn.com/de-ch/
Source: ~DFF3249FCAE5CBA117.TMP.4.dr	String found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsb
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.msn.com/de-ch/nachrichten/coronareisen
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.msn.com/de-ch/nachrichten/regional
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/ab-2025-gibt-es-einarmige-banditen-und-roulette-in-der-lokstadt
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/altkleider-nur-noch-in-stadtz%c3%bcrcher-sammelstellen/ar-AARos
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/die-provisorische-kantonsschule-auf-dem-irchel-kann-2024-starte
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/erste-best%c3%a4tigte-ansteckung-zwei-weitere-verdachtsf%c3%a4l
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/kanton-best%c3%a4tigt-ersten-omikron-fall-in-z%c3%bcrich/ar-AAR
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/kanton-verteidigt-finanzielle-beteiligung-am-kunstprojekt/ar-AA
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/lage-dramatisch-zugespitzt-%c3%b6v-in-winterthur-wird-teilweise
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/traurig-und-primitiv-rettungswagen-w%c3%a4hrend-einsatz-verspra
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/wird-etwas-enger-im-bus-werden-die-kapazit%c3%a4t-aber-stemmen-
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.msn.com/de-ch/news/other/z%c3%bcrich-zahlt-f%c3%bcr-gr%c3%bcne-hausw%c3%a4nde/ar-AARnq3Z
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.msn.com/de-ch/sport?ocid=StripeOCID
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.msn.com?form=MY01O4&OCID=MY01O4
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&auth=1&wdorigin=msn
Source: iab2Data[1].json.6.dr	String found in binary or memory: https://www.onlineumfragen.com/3index_2010_agb.cfm
Source: iab2Data[1].json.6.dr	String found in binary or memory: https://www.queryclick.com/privacy-policy
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_mestripe_logo_d
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_shop_de&utm
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.skype.com/
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://www.skype.com/de
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://www.skype.com/de/download-skype
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.skyscanner.net/flights?associateid=API_B2B_19305_00001&vertical=custom&pageType=
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002
Source: iab2Data[1].json.6.dr	String found in binary or memory: https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.json
Source: iab2Data[1].json.6.dr	String found in binary or memory: https://www.stroeer.de/ssp-datenschutz
Source: iab2Data[1].json.6.dr	String found in binary or memory: https://www.stroeer.de/werben-mit-stroeer/onlinewerbung/programmatic-data/sdi-datenschutz-b2c
Source: 52-478955-68ddb2ab[1].js.6.dr	String found in binary or memory: https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.tippsundtricks.co/gesundheit/stueck-seife-bettwasche/?utm_campaign=DECH-bedsoap&utm_
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.tippsundtricks.co/lifehacks/kochendes-wasser-auto/?utm_campaign=DECH-cardent&utm_sou
Source: de-ch[1].htm.6.dr	String found in binary or memory: https://www.tippsundtricks.co/lifehacks/schwamm-kuhlschrank/?utm_campaign=DECH-schwamm&utm_sourc

Source: unknown

DNS traffic detected: queries for: www.msn.com

Source: global traffic	HTTP traffic detected: GET /medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Referer: https://www.msn.com/de-ch/?ocid=iehpAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: contextual.media.netIf-None-Match: "af9b4812e53e25fc57a13f41f6790ac9"Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Referer: https://www.msn.com/de-ch/?ocid=iehpAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: contextual.media.netIf-None-Match: "e68781cdaae1574dce2fccfea5cb29e3"Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bping.php?&gdpr=0&prid=8PRVV7640&cid=8CU157172&crid=858412214&vi=1638488555656014322&ugd=4&lf=6&cc=CH&sc=ZH&lper=50&wsip=2886781044&r=1638520979551&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&vgd_l2type=setting&vgd_sbSup=0&vgd_is_amp=0&vgd_asn=60068&vgd_rakh=1638488555181756319&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fmedianet.php&vgd_pgid=p11306311666t202112030842&vgd_pgids=1&vgd_gdprcs=1&vgd_uspa=0&hvsid=00001638520979548014104136331645&gdpr=0&vgd_end=1 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: lg3.media.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=6&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,usp HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: contextual.media.netConnection: Keep-AliveCookie: hbcm_sd=1%7C1638520979780
Source: global traffic	HTTP traffic detected: GET /rtbsmpubs.php?&gdpr=0&gdprconsent=1&usp_enf=1&usp_status=0&cid=8HBI57XIG&region=nv&ptrid=8PR68Q253&requestString=6704687434%7C300x250%7C8CU157172%7C858412214%7C&crid=670468743&sd=1&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&bl=1&rt=5&dn=https://contextual.media.net&https=1&act=headerBid&prvReqId=655139198087331261638520979902&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.17810036448631755&ndec=1&scrsize=1280x1024&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A284%2C%22vh%22%3A271%2C%22ph%22%3A271%7D&itype=HB-CM&cc=CH&rc=ZH&ct=ZURICH&bt=1&gcp=1&isRefresh=0&callback=window.hbCMBidxc.rtbsheaderBid3S0 HTTP/1.1Accept: application/javascript, /*;q=0.8Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: contextual.media.netConnection: Keep-AliveCookie: hbcm_sd=1%7C1638520979780
Source: global traffic	HTTP traffic detected: GET /checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=5&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,usp HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: contextual.media.netConnection: Keep-AliveCookie: hbcm_sd=2%7C1638520979780
Source: global traffic	HTTP traffic detected: GET /rtbsmpubs.php?&gdpr=0&gdprconsent=1&usp_enf=1&usp_status=0&cid=8HBI57XIG&region=nv&ptrid=8PR68Q253&requestString=9765319144%7C300x250%7C8CU157172%7C722878611%7C&crid=976531914&sd=2&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&bl=1&rt=5&dn=https://contextual.media.net&https=1&act=headerBid&prvReqId=695089110086948631638520986847&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.519716239585557&ndec=1&scrsize=1280x1024&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A284%2C%22vh%22%3A271%2C%22ph%22%3A271%7D&itype=HB-CM&cc=CH&rc=ZH&ct=ZURICH&bt=1&gcp=1&isRefresh=0&callback=window.hbCMBidxc.rtbsheaderBid3S0 HTTP/1.1Accept: application/javascript, /*;q=0.8Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: contextual.media.netConnection: Keep-AliveCookie: hbcm_sd=2%7C1638520979780
Source: global traffic	HTTP traffic detected: GET /803288796/fcmain.js?cb=window._mNDetails.initAd&&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3D%3D&crid=858412214&size=306x271&cc=CH&https=1&vif=2&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&nse=5&vi=1638488555656014322&ugd=4&rtbs=1&nb=1 HTTP/1.1Accept: application/javascript, /;q=0.8Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: contextual.media.netConnection: Keep-AliveCookie: hbcm_sd=4%7C1638520979780
Source: global traffic	HTTP traffic detected: GET /checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=1053&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,usp HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: contextual.media.netConnection: Keep-AliveCookie: hbcm_sd=4%7C1638520979780
Source: global traffic	HTTP traffic detected: GET /checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=7479&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,usp HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: contextual.media.netConnection: Keep-AliveCookie: hbcm_sd=4%7C1638520979780
Source: global traffic	HTTP traffic detected: GET /log?logid=awlog&pid=8PR68Q253&itype=HB-CM&dn=msn.com&cid=8HBI57XIG&svr=2021111013_170&servname=hbcm_na&gdpr=0&csex=0&suc=0&csstr=&tcf_cmp=&tcf_status=&tcf_prp=&usp_status=0&usp_enf=1&usp_string=&ufca=&usp_ldf=&ugd=4&adt=desktop&vid=00001638520987300014104136333773&vsid=&sd=1&gtd=400&inid=0&gfd=&cc=CH&sc=ZH&ct=ZURICH&abte=CONTROL&adbd=0&amp=0&version=1&sB=false&cors=true&disB=false&ice=&vw=284&vh=271&pht=271&cl=&__rk=0&app=0&rtype=&vendor=&isSafari=0&lbr=0&floc_id=&floc_ver=&id_details=&mnkv=&pabte=&pbcm=0&pvid=4&prvAccId=858412214&prvApiId=8CU157172&exid=31&pcId=&pseat=4-BID_API&mowxReqId=655139198087331261638520979902&crid=670468743&g=0&size=300x250&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=1&plcmtt=0&rtime=46&dtc=nydc&rtbsv2=&mp_seg<>=44412%23%2315390%23%2315718%23%2317218%23%2328447%23%2333721%23%2354934%23%2353492%23%2360148&apid=1&wsip=c10-mowx-prod-1&ltime=7221&abs=0&ae=0&ftr<>=&ssregion=&ssreqid=&sssvnm=&bdp=0.02&cbdp=0.02&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=unknown&dfpBd=0.02&nms=1&di=&dt=O&epc=858412214&ogbdp=0.02&s=1&snm=success&dbf=1&bdata=sd2%3Dnull~bb%3D186~vv%3D0~erpm%3D0.03~ogerpm%3D0.03~MFB%3D2jo~smm_bid%3D0.02~bm%3D1~smm_sd%3D2021120121~sid%3D858412214~sd%3D1~uid%3D2IaaJtXbXqos4SCzmA~dc2%3D1~btd%3D14241703836931763290446355943300556902506328540099388593272215750316032~scd%3Dzh~uim%3D464908~url_tkc%3D0~ss%3D1280x1024~uiw%3D100~ce%3D1~xgb_sd%3D2021101600~last%3D0~CI%3D2624~ip%3D1xrX0Z~fbb%3D0~riipua%3D0%2C0~xgb_nt%3D101~nts%3D1~tb%3D-1~et%3D27~ct%3Dzurich~rc%3D6%2C0~basis2%3D196~url_b%3D0.03~basis1%3D196~isRef%3D0~lc%3D0~url_tvi%3D0~smm_wr%3D2.2127~url_l%3D50~xgboost_b%3D0.92~bid%3D0.02~xgb_b%3D0.92~dc%3D8~gcat%3D500884~ogbid%3D0.02%7C%7Ccbdp%3D0.02%7C%7Cbflag%3D0%7C%7Csobp%3D0%7C%7Cddiv%3D%25%25DFP_DIV%25%25%7C%7Cdmm%3D%25%25DMS_STRATEGY%25%25%7C%7Cdtc%3Dnydc%7C%7Cabte%3DCONTROL%7C%7Chsw%3D%25%25HAS_SECOND_WINNER%25%25~ibc%3D1~ddt%3D-1~nsz%3D1~tgs%3D300x250~bsb%3D0~bsp%3D0~tmx%3D200&cmpid=&bId=&pcrid=8CU157172-858412214-48-14&ruct=0&brs=&brr=&iurl=https%3A%2F%2Fiurl-a.akamaihd.net%2Fybntag%3F%26cid%3D8CU157172%26crid%3D858412214%26size%3D300x250%26requrl%3Dhttps%253A%252F%252Fwww.msn.com%252Fde-ch%252F%253Focid%253Diehp&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Cclt%3D0%7Cfl_rl%3D1%7CssProfile%3D0%7Cdbr%3D1%7Ctkd%3Dnull&bfs=0&seat=BID_API&nbr=0&ba=31&ybnca_gbid=&ybnca_erpm=0.03&ybnca_vbid=&yogbdp=0.02&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=76112239762996859_53175729_670468743141&dStat=0&ogbid=0.02&acid=340954286069640181638520979899&act=headerBid&dtfdl=&dspltime=&ttfd=&ttm=0&vtm=0&sttm=0&svtm=0&mnrfc=0&mnrf=0&invw=-1&adj1=0&adj0=0&adj2=0&adj3=0&patkey=&patint<>=&pc=&spSource=0&spIvt=3&spId=&spFst=0&spIsReq=3&spTo=3&top=0&btm=0&lft=0&rght=0&mx_SD=&mx_PC=1&mx_SPRIG=1&mx_UCC=2&mx_lr_seg_cnt=0&mx_GCID=0&mx_IAB2=1&mx_ip_exp_verd=&mx_vsGap=&mx_epbc=8CU157172&mx_bsBucket=0&mx_ssProfile=0&mx_lr=0&mx_g_one_uid_sent=None&mx_uid_sent=0&mx_yhs_enabled
Source: global traffic	HTTP traffic detected: GET /log?logid=awlog&pid=8PR68Q253&itype=HB-CM&dn=msn.com&cid=8HBI57XIG&svr=2021111013_170&servname=hbcm_na&gdpr=0&csex=0&suc=0&csstr=&tcf_cmp=&tcf_status=&tcf_prp=&usp_status=0&usp_enf=1&usp_string=&ufca=&usp_ldf=&ugd=4&adt=desktop&vid=00001638520995419014104136339406&vsid=&sd=2&gtd=400&inid=0&gfd=&cc=CH&sc=ZH&ct=ZURICH&abte=CONTROL&adbd=0&amp=0&version=1&sB=false&cors=true&disB=false&ice=&vw=284&vh=271&pht=271&cl=&__rk=0&app=0&rtype=&vendor=&isSafari=0&lbr=0&floc_id=&floc_ver=&id_details=&mnkv=&pabte=&pbcm=0&pvid=4&prvAccId=722878611&prvApiId=8CU157172&exid=31&pcId=&pseat=4-BID_API&mowxReqId=695089110086948631638520986847&crid=976531914&g=0&size=300x250&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=1&plcmtt=0&rtime=48&dtc=nydc&rtbsv2=&mp_seg<>=44412%23%2315390%23%2315718%23%2317218%23%2328447%23%2333721%23%2354934%23%2353492%23%2360148&apid=1&wsip=c10-mowx-web-43&ltime=8567&abs=0&ae=0&ftr<>=&ssregion=&ssreqid=&sssvnm=&bdp=0.02&cbdp=0.02&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=unknown&dfpBd=0.02&nms=1&di=&dt=O&epc=722878611&ogbdp=0.02&s=1&snm=success&dbf=1&bdata=sd2%3Dnull~bb%3D186~vv%3D0~erpm%3D0.04~ogerpm%3D0.04~MFB%3D10K~smm_bid%3D0.02~bm%3D0.9~smm_sd%3D2021120121~sid%3D722878611~sd%3D2~uid%3D2IaaKnuVnvziDdNYpZ~dc2%3D1~btd%3D14241703849787268410763125577306022343800731350682634986482226645438464~scd%3Dzh~uim%3D466966~url_tkc%3D0~ss%3D1280x1024~uiw%3D100~ce%3D1~xgb_sd%3D2021101600~last%3D0~CI%3D2624~ip%3D1xrX0Z~fbb%3D0~riipua%3D0%2C0~xgb_nt%3D101~nts%3D1~tb%3D-1~et%3D28~ct%3Dzurich~rc%3D8%2C1~basis2%3D196~url_b%3D0.04~basis1%3D196~isRef%3D0~lc%3D0~url_tvi%3D0~smm_wr%3D2.0898~url_l%3D50~xgboost_b%3D0.92~bid%3D0.02~xgb_b%3D0.92~dc%3D8~gcat%3D500884~ogbid%3D0.02%7C%7Ccbdp%3D0.02%7C%7Cbflag%3D0%7C%7Csobp%3D0%7C%7Cddiv%3D%25%25DFP_DIV%25%25%7C%7Cdmm%3D%25%25DMS_STRATEGY%25%25%7C%7Cdtc%3Dnydc%7C%7Cabte%3DCONTROL%7C%7Chsw%3D%25%25HAS_SECOND_WINNER%25%25~ibc%3D1~ddt%3D-1~nsz%3D1~tgs%3D300x250~bsb%3D0~bsp%3D0~tmx%3D200&cmpid=&bId=&pcrid=8CU157172-722878611-48-8&ruct=0&brs=&brr=&iurl=https%3A%2F%2Fiurl-a.akamaihd.net%2Fybntag%3F%26cid%3D8CU157172%26crid%3D722878611%26size%3D300x250%26requrl%3Dhttps%253A%252F%252Fwww.msn.com%252Fde-ch%252F%253Focid%253Diehp&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Cclt%3D0%7Cfl_rl%3D1%7CssProfile%3D0%7Cdbr%3D1%7Ctkd%3Dnull&bfs=0&seat=BID_API&nbr=0&ba=0&ybnca_gbid=&ybnca_erpm=0.04&ybnca_vbid=&yogbdp=0.02&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=5651415265142258_1006712733_976531914141&dStat=0&ogbid=0.02&acid=154704099775382721638520986219&act=headerBid&dtfdl=&dspltime=&ttfd=&ttm=0&vtm=0&sttm=0&svtm=0&mnrfc=0&mnrf=0&invw=-1&adj1=0&adj0=0&adj2=0&adj3=0&patkey=&patint<>=&pc=&spSource=0&spIvt=3&spId=&spFst=0&spIsReq=3&spTo=3&top=0&btm=0&lft=0&rght=0&mx_SD=&mx_PC=1&mx_SPRIG=1&mx_UCC=2&mx_lr_seg_cnt=0&mx_GCID=0&mx_IAB2=1&mx_ip_exp_verd=&mx_vsGap=&mx_epbc=8CU157172&mx_bsBucket=0&mx_ssProfile=0&mx_lr=0&mx_g_one_uid_sent=None&mx_uid_sent=0&mx_yhs_enable
Source: global traffic	HTTP traffic detected: GET /803288796/fcmain.js?cb=window._mNDetails.initAd&&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3D%3D&crid=722878611&size=306x271&cc=CH&https=1&vif=2&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&nse=5&vi=1638488555296348136&ugd=4&rtbs=1&nb=1 HTTP/1.1Accept: application/javascript, /;q=0.8Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: contextual.media.netConnection: Keep-AliveCookie: hbcm_sd=4%7C1638520979780
Source: global traffic	HTTP traffic detected: GET /bqi.php?lf=5&&vgd_l2type=setting&pid=8PO8WH2OT&cme=wKMzE5aEf1C7W8c2Zu-wR6W8-LV6OuNn5M8-l7xIv5OFVIrj5gO7h1h0qwkXsk1YkKHiWm6OwnS8YdF7hxOqVy4gI-Di5bXqA_L7Nj1Gg-bLo1QZupPE9_lkGVq8LafeqNrLclh8bDzLkZpLway17PoLJDHoGdSHRiqjLFunN_rSbZHJFAjGFIv7F87z8XmJ-E7BhMXbxjXouwQLvaGa-ShCB3oRwwh8\|\|NDHRnZ9Gz3KXlI-i9OnZqQ==\|5gDUJdTGiJzedmq9hanWYg==\|sRBSg3CPSiQ=\|YdjFvixrVaHKWoanJxQ7pN1u-FbdnHzrNjhpugAcObH3UBK3ulwAWl7Dk2fLSIhhcacW0wejpmUUSEEp7HvKRQ==\|N7fu2vKt8_s=\|2Vo1csK06ElQVm9wtd7kmyhUd8oCSycUmnOt-CKThRGW5B7OtbhnTLfgAjgMfKS9GxuAl0hmLh7h59eRacx_zlI1mhj_yGBtc0wpPjW7ZYHmZRI-Qs46jvsASGwtenQv5_6kd41JpbzUVoJx6JhY_2c-CqKREqoxgJ7iifrLoawE2O9aRy41se9ZHO7dRZ1TuzVy17bY00rUzIYODMSLh1Pcyr8slxcI\|&gdpr=0&prid=8PRVV7640&cid=8CU157172&crid=858412214&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&vi=1638488555656014322&ugd=4&cc=CH&sc=ZH&bdrid=4&startTime=1638520979055&l2type=setting&vgd_l1rakh=1638488555181756319&l1ch=1&sttm=1638520979548&upk=1638520976.1854&hvsid=00001638520979548014104136331645&verid=9999999&vgd_sc=ZH&infr=1&twna=1&vgd_hbReqId=T1638483495C8S22U926&l1hcsd=l1!N4\|8028&vgd_l1rhst=contextual.media.net&vgd_gdprcs=1&vgd_uspa=0&vgd_isiolc=0&clp=%7B%7D&cl=%7B%7D&rtbsd=10&bidData=sd2%3Dnull~bb%3D186~vv%3D0~erpm%3D0.03~ogerpm%3D0.03~MFB%3D2jo~smm_bid%3D0.02~bm%3D1~smm_sd%3D2021120121~sid%3D858412214~sd%3D1~uid%3D2IaaJtXbXqos4SCzmA~dc2%3D1~btd%3D14241703836931763290446355943300556902506328540099388593272215750316032~scd%3Dzh~uim%3D464908~url_tkc%3D0~ss%3D1280x1024~uiw%3D100~ce%3D1~xgb_sd%3D2021101600~last%3D0~CI%3D2624~ip%3D1xrX0Z~fbb%3D0~riipua%3D0%2C0~xgb_nt%3D101~nts%3D1~tb%3D-1~et%3D27~ct%3Dzurich~rc%3D6%2C0~basis2%3D196~url_b%3D0.03~basis1%3D196~isRef%3D0~lc%3D0~url_tvi%3D0~smm_wr%3D2.2127~url_l%3D50~xgboost_b%3D0.92~bid%3D0.02~xgb_b%3D0.92~dc%3D8~gcat%3D500884~ogbid%3D0.02%7C%7Ccbdp%3D0.02%7C%7Cbflag%3D0%7C%7Csobp%3D0%7C%7Cddiv%3D%25%25DFP_DIV%25%25%7C%7Cdmm%3D%25%25DMS_STRATEGY%25%25%7C%7Cdtc%3Dnydc%7C%7Cabte%3DCONTROL%7C%7Chsw%3D%25%25HAS_SECOND_WINNER%25%25~ibc%3D1~ddt%3D-1~nsz%3D1~tgs%3D300x250~bsb%3D0~bsp%3D0~tmx%3D200&matchString=hr%3D0&l2ch=1&l2wsip=170721631&sethcsd=set!A18%7C8013&vgd_pgid=p11306311666t202112030842&vgd_pgids=1 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: lg3.media.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /48/nrrV52461.js HTTP/1.1Accept: application/javascript, /;q=0.8Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: contextual.media.netConnection: Keep-AliveCookie: hbcm_sd=4%7C1638520979780
Source: global traffic	HTTP traffic detected: GET /bqi.php?lf=5&&vgd_l2type=setting&pid=8PO641UYD&cme=S4_cq7T57eCIr457wnOZONsOijxuA5EygvvxEjyXm71KTilyaTdTHRWOugo0C_JUn4twsFFYarKn93u4d6Wh6HMuQsMK5wWTGu1mrmPGv06hdWu24i6BYU93PtG7z1VQdB4ux8XjUQgg7DwLdqAoOijT7cYB0PZ7NTCBf9W5LFQjtZSGcztLSxTeV8g-zadF_C34PocyUZBlJYj8v-g9knLNYbSXoCou\|\|NDHRnZ9Gz3KXlI-i9OnZqQ==\|5gDUJdTGiJzedmq9hanWYg==\|sRBSg3CPSiQ=\|YdjFvixrVaHKWoanJxQ7pN1u-FbdnHzrNjhpugAcObH3UBK3ulwAWiVtoHi1pupYycuLTp-eXshvuac-oX9kgg==\|N7fu2vKt8_s=\|f5bf1u7fLjnm37la4OqE47RtCc7tk3v3IH31-me1miPZAj1YnQwQh2PphemVXLK4fAUBKHTKZdPfBF6Z3YxbAN_GIqcUs8MdLqegLZSBCy3hsW5q2MOql5UxuUCHNLvR17Gr4GMn9bf5Jf-OYIJvVpxHv8PIWqmXdxa1VL06H2CKusOFWLZA_QmNop8hTtZlFs_wuMW5dZSm1HenepcN0cikahOsfwZT\|&gdpr=0&prid=8PRVV7640&cid=8CU157172&crid=722878611&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&vi=1638488555296348136&ugd=4&cc=CH&sc=ZH&bdrid=4&startTime=1638520985695&l2type=setting&vgd_l1rakh=1638488555141945565&l1ch=1&sttm=1638520986209&upk=1638520983.26641&hvsid=00001638520986209014104136331365&verid=9999999&vgd_sc=ZH&infr=1&twna=1&vgd_hbReqId=T1638485630C8S34U173&l1hcsd=l1!N4\|8028&vgd_l1rhst=contextual.media.net&vgd_gdprcs=1&vgd_uspa=0&vgd_isiolc=0&clp=%7B%7D&cl=%7B%7D&rtbsd=10&bidData=sd2%3Dnull~bb%3D186~vv%3D0~erpm%3D0.04~ogerpm%3D0.04~MFB%3D10K~smm_bid%3D0.02~bm%3D0.9~smm_sd%3D2021120121~sid%3D722878611~sd%3D2~uid%3D2IaaKnuVnvziDdNYpZ~dc2%3D1~btd%3D14241703849787268410763125577306022343800731350682634986482226645438464~scd%3Dzh~uim%3D466966~url_tkc%3D0~ss%3D1280x1024~uiw%3D100~ce%3D1~xgb_sd%3D2021101600~last%3D0~CI%3D2624~ip%3D1xrX0Z~fbb%3D0~riipua%3D0%2C0~xgb_nt%3D101~nts%3D1~tb%3D-1~et%3D28~ct%3Dzurich~rc%3D8%2C1~basis2%3D196~url_b%3D0.04~basis1%3D196~isRef%3D0~lc%3D0~url_tvi%3D0~smm_wr%3D2.0898~url_l%3D50~xgboost_b%3D0.92~bid%3D0.02~xgb_b%3D0.92~dc%3D8~gcat%3D500884~ogbid%3D0.02%7C%7Ccbdp%3D0.02%7C%7Cbflag%3D0%7C%7Csobp%3D0%7C%7Cddiv%3D%25%25DFP_DIV%25%25%7C%7Cdmm%3D%25%25DMS_STRATEGY%25%25%7C%7Cdtc%3Dnydc%7C%7Cabte%3DCONTROL%7C%7Chsw%3D%25%25HAS_SECOND_WINNER%25%25~ibc%3D1~ddt%3D-1~nsz%3D1~tgs%3D300x250~bsb%3D0~bsp%3D0~tmx%3D200&matchString=hr%3D0&l2ch=1&l2wsip=2887305233&sethcsd=set!A18%7C8013&vgd_pgid=p11306311666t202112030843&vgd_pgids=1 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: lg3.media.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /48/nrrV52461.js HTTP/1.1Accept: application/javascript, /;q=0.8Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: contextual.media.netConnection: Keep-AliveCookie: hbcm_sd=4%7C1638520979780

Source: unknown	HTTPS traffic detected: 23.211.6.95:443 -> 192.168.2.6:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.95:443 -> 192.168.2.6:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.95:443 -> 192.168.2.6:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.95:443 -> 192.168.2.6:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.95:443 -> 192.168.2.6:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.6.95:443 -> 192.168.2.6:49803 version: TLS 1.2

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 2_2_6F205FB0 GetOpenClipboardWindow,CreateMenu,GetCursor,GetOpenClipboardWindow,GetCurrentProcess,GetCurrentThreadId,CreateMenu,GetOpenClipboardWindow,GetCurrentThreadId,

Source: mATFWhYtPk.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: C:\Windows\SysWOW64\rundll32.exe

File deleted: C:\Windows\SysWOW64\Uexmfpkplvbbrf\jerrpf.tlt:Zone.Identifier

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

File created: C:\Windows\SysWOW64\Uexmfpkplvbbrf\

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6562B
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7E05C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A73AA0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6B0AC
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A70AA8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A71ABD
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A740BB
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A722BB
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7B2B8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A69082
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7988A
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7D88A
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A75C8A
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A676EE
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7AAF3
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A668F2
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A756F8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6D2C4
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A61EC4
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6E6CA
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6B8CA
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A75ECA
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A770D1
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7C6D9
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6C227
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6A02A
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A73C28
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7CE32
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6A833
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7EC30
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7AC3D
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7C400
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A79209
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A71E11
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6601A
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A70660
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A81E60
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A76A6B
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A64871
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A80E72
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7C879
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6F443
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A74E55
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7D454
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A78851
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A76DA4
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6EBA2
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7CFA1
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7F1AF
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6B7B7
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A633B5
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7E9BB
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7B587
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A67582
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A65D88
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7A797
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6ED92
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A67990
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A75198
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6DBE7
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A631E4
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6FDE3
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6F1F6
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A775F1
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6E3C6
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A735DB
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A74BDA
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A78103
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A77900
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6610E
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A61914
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7E31F
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A72963
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A67361
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A64D6B
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6AD68
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6A17E
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A78D7C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A62D46
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7114E
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7AF4E
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A77D4C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A72B4A
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A62756
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6B354
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7E554
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A7DD54
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A73158
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F206530
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F205900
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F20E660
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F212C20
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F221C80
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F202C90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F21FC91
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F234CE0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F209320
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F234BB3
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F22AA20
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F21C25A
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F2312EC
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F21C032
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FDE05C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FC562B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD56F8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FDAAF3
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FC68F2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FC76EE
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FDC6D9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD70D1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FCE6CA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FCB8CA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD5ECA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FCD2C4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FC1EC4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD1ABD
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FDB2B8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD40BB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD22BB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FCB0AC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD0AA8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD3AA0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD988A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FDD88A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD5C8A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FC9082
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FDC879
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FE0E72
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FC4871
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD6A6B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD0660
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FE1E60
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD4E55
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FDD454
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD8851
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FCF443
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FDAC3D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FDEC30
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FDCE32
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FCA833
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD3C28
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FCA02A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FCC227
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FC601A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD1E11
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD9209
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FDC400
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FCF1F6
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD75F1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FC31E4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FCDBE7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FCFDE3
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD35DB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD4BDA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FCE3C6
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FDE9BB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FC33B5
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FCB7B7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FDF1AF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD6DA4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FDCFA1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FCEBA2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD5198
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FDA797
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FC7990
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FCED92
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FC5D88
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FDB587
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FC7582
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD8D7C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FCA17E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FCAD68
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FC4D6B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FC7361
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD2963
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD3158
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FCB354
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FDE554
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FDDD54
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FC2756
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD7D4C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD114E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FDAF4E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD2B4A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FC2D46
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FDE31F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FC1914
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FC610E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD7900
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FD8103
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F206530
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F205900
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F20E660
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F212C20
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F221C80
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F202C90
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F21FC91
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F234CE0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F209320
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F22FB69
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F234BB3
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F22AA20
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F21C25A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F2312EC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F21C032
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03017900
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03002D46
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301114E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03013158
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300A17E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03005D88
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301F1AF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300601A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300A02A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300562B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301E05C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03016A6B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301C879
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301D88A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_030122BB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301C6D9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03018103
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300610E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03001914
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301E31F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03012B4A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03017D4C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301AF4E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300B354
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301E554
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301DD54
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03002756
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03007361
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03012963
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300AD68
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03004D6B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03018D7C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03007582
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301B587
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03007990
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300ED92
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301A797
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03015198
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301CFA1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300EBA2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03016DA4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_030033B5
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300B7B7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301E9BB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300E3C6
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_030135DB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03014BDA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300FDE3
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_030031E4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300DBE7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_030175F1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300F1F6
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301C400
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03019209
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03011E11
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300C227
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03013C28
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301EC30
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301CE32
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300A833
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301AC3D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300F443
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03018851
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03014E55
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301D454
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03010660
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03021E60
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03020E72
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03004871
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03009082
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301988A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03015C8A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03013AA0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03010AA8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300B0AC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301B2B8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_030140BB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03011ABD
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300D2C4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03001EC4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300E6CA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300B8CA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_03015ECA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_030170D1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_030076EE
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0301AAF3
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_030068F2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_030156F8

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: String function: 6F214EB0 appears 46 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6F214EB0 appears 46 times

Source: mATFWhYtPk.dll

Binary or memory string: OriginalFilenameZqutyyvlsw.dll6 vs mATFWhYtPk.dll

Source: C:\Windows\SysWOW64\regsvr32.exe

Section loaded: sfc.dll

Source: mATFWhYtPk.dll

Virustotal: Detection: 25%

Source: mATFWhYtPk.dll

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll"
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\mATFWhYtPk.dll
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\mATFWhYtPk.dll,DllRegisterServer
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5868 CREDAT:17410 /prefetch:2
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\mATFWhYtPk.dll,asbiqstaeqzsycc
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\mATFWhYtPk.dll,atwuhkycfybkj
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Uexmfpkplvbbrf\jerrpf.tlt",SfMITlqpKAP
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\mATFWhYtPk.dll
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\mATFWhYtPk.dll,DllRegisterServer
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\mATFWhYtPk.dll,asbiqstaeqzsycc
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\mATFWhYtPk.dll,atwuhkycfybkj
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",#1
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5868 CREDAT:17410 /prefetch:2
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Uexmfpkplvbbrf\jerrpf.tlt",SfMITlqpKAP
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer

Source: C:\Windows\SysWOW64\rundll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F0A62C4E-5414-11EC-90E5-ECF4BB2D2496}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF4AB291A385B95D5D.TMP

Jump to behavior

Source: classification engine

Classification label: mal56.evad.winDLL@30/114@6/2

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 2_2_6F20AEB0 CoCreateInstance,OleRun,

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",#1

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 2_2_6F20DC50 LoadLibraryExW,LoadLibraryExW,LoadLibraryExW,FindResourceW,LoadResource,SizeofResource,MultiByteToWideChar,FreeLibrary,

Source: C:\Windows\System32\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: mATFWhYtPk.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source: mATFWhYtPk.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: mATFWhYtPk.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: mATFWhYtPk.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: mATFWhYtPk.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: mATFWhYtPk.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F214F00 push ecx; ret
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F236451 push ecx; ret
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F214F00 push ecx; ret
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F236451 push ecx; ret

Source: mATFWhYtPk.dll

Static PE information: real checksum: 0x72da1 should be: 0x76fac

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\mATFWhYtPk.dll

Source: C:\Windows\SysWOW64\rundll32.exe

PE file moved: C:\Windows\SysWOW64\Uexmfpkplvbbrf\jerrpf.tlt

Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Windows\SysWOW64\rundll32.exe

File opened: C:\Windows\SysWOW64\Uexmfpkplvbbrf\jerrpf.tlt:Zone.Identifier read attributes | delete

Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Windows\SysWOW64\rundll32.exe	RDTSC instruction interceptor: First address: 000000006F206570 second address: 000000006F2065AB instructions: 0x00000000 rdtscp 0x00000003 mov dword ptr [esp+000000F8h], ecx 0x0000000a test edx, edx 0x0000000c jne 00007F7710B8F397h 0x0000000e mov dword ptr [esp+14h], 0B8FEA98h 0x00000016 rdtscp
Source: C:\Windows\SysWOW64\rundll32.exe	RDTSC instruction interceptor: First address: 000000006F207835 second address: 000000006F207863 instructions: 0x00000000 rdtscp 0x00000003 mov dword ptr [ebp-08h], ecx 0x00000006 test edx, edx 0x00000008 jne 00007F7710CF3C41h 0x0000000a mov ebx, 05F1FEE1h 0x0000000f rdtscp
Source: C:\Windows\SysWOW64\regsvr32.exe	RDTSC instruction interceptor: First address: 000000006F206570 second address: 000000006F2065AB instructions: 0x00000000 rdtscp 0x00000003 mov dword ptr [esp+000000F8h], ecx 0x0000000a test edx, edx 0x0000000c jne 00007F7710B8F397h 0x0000000e mov dword ptr [esp+14h], 0B8FEA98h 0x00000016 rdtscp
Source: C:\Windows\SysWOW64\regsvr32.exe	RDTSC instruction interceptor: First address: 000000006F207835 second address: 000000006F207863 instructions: 0x00000000 rdtscp 0x00000003 mov dword ptr [ebp-08h], ecx 0x00000006 test edx, edx 0x00000008 jne 00007F7710CF3C41h 0x0000000a mov ebx, 05F1FEE1h 0x0000000f rdtscp
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000006F206570 second address: 000000006F2065AB instructions: 0x00000000 rdtscp 0x00000003 mov dword ptr [esp+000000F8h], ecx 0x0000000a test edx, edx 0x0000000c jne 00007F7710B8F397h 0x0000000e mov dword ptr [esp+14h], 0B8FEA98h 0x00000016 rdtscp
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000006F207835 second address: 000000006F207863 instructions: 0x00000000 rdtscp 0x00000003 mov dword ptr [ebp-08h], ecx 0x00000006 test edx, edx 0x00000008 jne 00007F7710CF3C41h 0x0000000a mov ebx, 05F1FEE1h 0x0000000f rdtscp

Source: C:\Windows\System32\svchost.exe TID: 6928

Thread sleep time: -30000s >= -30000s

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 2_2_6F206530 rdtscp

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F22B531 FindFirstFileExA,
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F22B531 FindFirstFileExA,

Source: C:\Windows\SysWOW64\rundll32.exe

File Volume queried: C:\ FullSizeInformation

Source: svchost.exe, 0000000C.00000002.911297448.0000020000062000.00000004.00000001.sdmp	Binary or memory string: "@Hyper-V RAW
Source: svchost.exe, 0000000C.00000002.896576932.000001FFFEA29000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.911279592.000002000004A000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 2_2_6F214D87 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 2_2_6F21736C GetProcessHeap,HeapFree,

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 2_2_6F206530 rdtscp

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_00A6DB4C mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F206530 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F206530 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F224E12 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F22B306 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F217254 mov esi, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F2079C0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_02FCDB4C mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F206530 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F206530 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F224E12 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F22B306 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F217254 mov esi, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F2079C0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0300DB4C mov eax, dword ptr fs:[00000030h]

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F21453A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F214D87 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 2_2_6F21D314 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F21453A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F214D87 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6F21D314 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",#1

Source: rundll32.exe, 00000010.00000002.894573044.0000000003750000.00000002.00020000.sdmp, rundll32.exe, 00000012.00000002.887564266.0000000002A30000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: rundll32.exe, 00000010.00000002.894573044.0000000003750000.00000002.00020000.sdmp, rundll32.exe, 00000012.00000002.887564266.0000000002A30000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: rundll32.exe, 00000010.00000002.894573044.0000000003750000.00000002.00020000.sdmp, rundll32.exe, 00000012.00000002.887564266.0000000002A30000.00000002.00020000.sdmp	Binary or memory string: &Program Manager
Source: rundll32.exe, 00000010.00000002.894573044.0000000003750000.00000002.00020000.sdmp, rundll32.exe, 00000012.00000002.887564266.0000000002A30000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetLocaleInfoW,
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetLocaleInfoW,
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: EnumSystemLocalesW,
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: EnumSystemLocalesW,
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: EnumSystemLocalesW,
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetLocaleInfoW,
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetLocaleInfoW,
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: EnumSystemLocalesW,
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 2_2_6F214BA6 cpuid

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 2_2_6F214F17 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	DLL Side-Loading1	Process Injection12	Masquerading21	OS Credential Dumping	System Time Discovery1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel11	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	DLL Side-Loading1	Virtualization/Sandbox Evasion2	LSASS Memory	Security Software Discovery141	Remote Desktop Protocol	Clipboard Data1	Exfiltration Over Bluetooth	Ingress Tool Transfer1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Process Injection12	Security Account Manager	Virtualization/Sandbox Evasion2	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Deobfuscate/Decode Files or Information1	NTDS	Process Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol3	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Hidden Files and Directories1	LSA Secrets	Remote System Discovery1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Obfuscated Files or Information2	Cached Domain Credentials	File and Directory Discovery2	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Regsvr321	DCSync	System Information Discovery143	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Rundll321	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	DLL Side-Loading1	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	File Deletion1	Network Sniffing	Process Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
mATFWhYtPk.dll	26%	Virustotal		Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Download
7.2.rundll32.exe.2b20000.0.unpack	100%	Avira	HEUR/AGEN.1110387	Download File
5.2.rundll32.exe.3000000.0.unpack	100%	Avira	HEUR/AGEN.1110387	Download File
2.2.regsvr32.exe.2fb0000.0.unpack	100%	Avira	HEUR/AGEN.1110387	Download File
7.2.rundll32.exe.2ba4300.1.unpack	100%	Avira	HEUR/AGEN.1110387	Download File
8.2.rundll32.exe.3140000.0.unpack	100%	Avira	HEUR/AGEN.1110387	Download File
0.2.loaddll32.exe.a60000.1.unpack	100%	Avira	HEUR/AGEN.1110387	Download File
3.2.rundll32.exe.2fc0000.0.unpack	100%	Avira	HEUR/AGEN.1110387	Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://onedrive.live.com;Fotos	0%	Avira URL Cloud	safe
https://www.botman.ninja/privacy-policy	0%	Avira URL Cloud	safe
https://www.queryclick.com/privacy-policy	0%	Avira URL Cloud	safe
https://www.stroeer.de/werben-mit-stroeer/onlinewerbung/programmatic-data/sdi-datenschutz-b2c	0%	Avira URL Cloud	safe
http://crl.ver)	0%	Avira URL Cloud	safe
https://silvermob.com/privacy	0%	Avira URL Cloud	safe
https://tools.applemediaservices.com/api/badges/download-on-the-app-store/black/de-de?"	0%	URL Reputation	safe
https://onedrive.live.com;OneDrive-App	0%	Avira URL Cloud	safe
https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.json	0%	URL Reputation	safe
https://doceree.com/.well-known/deviceStorage.json	0%	Avira URL Cloud	safe
https://www.bidstack.com/privacy-policy/	0%	URL Reputation	safe
https://www.stroeer.de/ssp-datenschutz	0%	Avira URL Cloud	safe
https://optimise-it.de/datenschutz	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
contextual.media.net	23.211.6.95	true	false	high
hblg.media.net	23.211.6.95	true	false	high
lg3.media.net	23.211.6.95	true	false	high
assets.msn.com	unknown	unknown	false	high
www.msn.com	unknown	unknown	false	high
browser.events.data.msn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://contextual.media.net/rtbsmpubs.php?&gdpr=0&gdprconsent=1&usp_enf=1&usp_status=0&cid=8HBI57XIG&region=nv&ptrid=8PR68Q253&requestString=670468743*4%7C300x250%7C8CU157172%7C858412214%7C&crid=670468743&sd=1&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&bl=1&rt=5&dn=https://contextual.media.net&https=1&act=headerBid&prvReqId=655139198087331261638520979902&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.17810036448631755&ndec=1&scrsize=1280x1024&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A284%2C%22vh%22%3A271%2C%22ph%22%3A271%7D&itype=HB-CM&cc=CH&rc=ZH&ct=ZURICH&bt=1&gcp=1&isRefresh=0&callback=window.hbCMBidxc.rtbsheaderBid3S0	false	high
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1	false	high
https://contextual.media.net/803288796/fcmain.js?cb=window._mNDetails.initAd&&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3D%3D&crid=722878611&size=306x271&cc=CH&https=1&vif=2&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&nse=5&vi=1638488555296348136&ugd=4&rtbs=1&nb=1	false	high
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=5&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,usp	false	high
https://contextual.media.net/48/nrrV52461.js	false	high
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=6&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,usp	false	high
https://lg3.media.net/bping.php?&gdpr=0&prid=8PRVV7640&cid=8CU157172&crid=858412214&vi=1638488555656014322&ugd=4&lf=6&cc=CH&sc=ZH&lper=50&wsip=2886781044&r=1638520979551&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&vgd_l2type=setting&vgd_sbSup=0&vgd_is_amp=0&vgd_asn=60068&vgd_rakh=1638488555181756319&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fmedianet.php&vgd_pgid=p11306311666t202112030842&vgd_pgids=1&vgd_gdprcs=1&vgd_uspa=0&hvsid=00001638520979548014104136331645&gdpr=0&vgd_end=1	false	high
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=7479&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,usp	false	high
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=1053&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,usp	false	high
https://lg3.media.net/bqi.php?lf=5&&vgd_l2type=setting&pid=8PO8WH2OT&cme=wKMzE5aEf1C7W8c2Zu-wR6W8-LV6OuNn5M8-l7xIv5OFVIrj5gO7h1h0qwkXsk1YkKHiWm6OwnS8YdF7hxOqVy4gI-Di5bXqA_L7Nj1Gg-bLo1QZupPE9_lkGVq8LafeqNrLclh8bDzLkZpLway17PoLJDHoGdSHRiqjLFunN_rSbZHJFAjGFIv7F87z8XmJ-E7BhMXbxjXouwQLvaGa-ShCB3oRwwh8\|\|NDHRnZ9Gz3KXlI-i9OnZqQ==\|5gDUJdTGiJzedmq9hanWYg==\|sRBSg3CPSiQ=\|YdjFvixrVaHKWoanJxQ7pN1u-FbdnHzrNjhpugAcObH3UBK3ulwAWl7Dk2fLSIhhcacW0wejpmUUSEEp7HvKRQ==\|N7fu2vKt8_s=\|2Vo1csK06ElQVm9wtd7kmyhUd8oCSycUmnOt-CKThRGW5B7OtbhnTLfgAjgMfKS9GxuAl0hmLh7h59eRacx_zlI1mhj_yGBtc0wpPjW7ZYHmZRI-Qs46jvsASGwtenQv5_6kd41JpbzUVoJx6JhY_2c-CqKREqoxgJ7iifrLoawE2O9aRy41se9ZHO7dRZ1TuzVy17bY00rUzIYODMSLh1Pcyr8slxcI\|&gdpr=0&prid=8PRVV7640&cid=8CU157172&crid=858412214&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&vi=1638488555656014322&ugd=4&cc=CH&sc=ZH&bdrid=4&startTime=1638520979055&l2type=setting&vgd_l1rakh=1638488555181756319&l1ch=1&sttm=1638520979548&upk=1638520976.1854&hvsid=00001638520979548014104136331645&verid=9999999&vgd_sc=ZH&infr=1&twna=1&vgd_hbReqId=T1638483495C8S22U926&l1hcsd=l1!N4\|8028&vgd_l1rhst=contextual.media.net&vgd_gdprcs=1&vgd_uspa=0&vgd_isiolc=0&clp=%7B%7D&cl=%7B%7D&rtbsd=10&bidData=sd2%3Dnull~bb%3D186~vv%3D0~erpm%3D0.03~ogerpm%3D0.03~MFB%3D2jo~smm_bid%3D0.02~bm%3D1~smm_sd%3D2021120121~sid%3D858412214~sd%3D1~uid%3D2IaaJtXbXqos4SCzmA~dc2%3D1~btd%3D14241703836931763290446355943300556902506328540099388593272215750316032~scd%3Dzh~uim%3D464908~url_tkc%3D0~ss%3D1280x1024~uiw%3D100~ce%3D1~xgb_sd%3D2021101600~last%3D0~CI%3D2624~ip%3D1xrX0Z~fbb%3D0~riipua%3D0%2C0~xgb_nt%3D101~nts%3D1~tb%3D-1~et%3D27~ct%3Dzurich~rc%3D6%2C0~basis2%3D196~url_b%3D0.03~basis1%3D196~isRef%3D0~lc%3D0~url_tvi%3D0~smm_wr%3D2.2127~url_l%3D50~xgboost_b%3D0.92~bid%3D0.02~xgb_b%3D0.92~dc%3D8~gcat%3D500884~ogbid%3D0.02%7C%7Ccbdp%3D0.02%7C%7Cbflag%3D0%7C%7Csobp%3D0%7C%7Cddiv%3D%25%25DFP_DIV%25%25%7C%7Cdmm%3D%25%25DMS_STRATEGY%25%25%7C%7Cdtc%3Dnydc%7C%7Cabte%3DCONTROL%7C%7Chsw%3D%25%25HAS_SECOND_WINNER%25%25~ibc%3D1~ddt%3D-1~nsz%3D1~tgs%3D300x250~bsb%3D0~bsp%3D0~tmx%3D200&matchString=hr%3D0&l2ch=1&l2wsip=170721631&sethcsd=set!A18%7C8013&vgd_pgid=p11306311666t202112030842&vgd_pgids=1	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://assets.msn.com/staticsb/statics/latest/oneTrust/1.2/consent/55a804ab-e5c6-4b97-9319-86263d36	55a804ab-e5c6-4b97-9319-86263d365d28[2].json.6.dr	false		high
http://searchads.msn.net/.cfm?&&kp=1&	{F0A62C50-5414-11EC-90E5-ECF4BB2D2496}.dat.4.dr, ~DFF3249FCAE5CBA117.TMP.4.dr	false		high
https://contextual.media.net/medianet.php?cid=8CU157172	de-ch[1].htm.6.dr	false		high
https://www.msn.com/de-ch/nachrichten/coronareisen	de-ch[1].htm.6.dr	false		high
https://www.msn.com/de-ch/news/other/z%c3%bcrich-zahlt-f%c3%bcr-gr%c3%bcne-hausw%c3%a4nde/ar-AARnq3Z	de-ch[1].htm.6.dr	false		high
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_promotionalstripe_na	de-ch[1].htm.6.dr	false		high
https://onedrive.live.com;Fotos	52-478955-68ddb2ab[1].js.6.dr	false	Avira URL Cloud: safe	low
https://www.msn.com/de-ch/sport?ocid=StripeOCID	de-ch[1].htm.6.dr	false		high
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&auth=1&wdorigin=msn	de-ch[1].htm.6.dr	false		high
https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel	52-478955-68ddb2ab[1].js.6.dr	false		high
http://ogp.me/ns/fb#	de-ch[1].htm.6.dr	false		high
https://www.botman.ninja/privacy-policy	iab2Data[1].json.6.dr	false	Avira URL Cloud: safe	unknown
https://outlook.live.com/mail/deeplink/compose;Kalender	52-478955-68ddb2ab[1].js.6.dr	false		high
https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg	{F0A62C50-5414-11EC-90E5-ECF4BB2D2496}.dat.4.dr, ~DFF3249FCAE5CBA117.TMP.4.dr	false		high
https://www.msn.com/de-ch/news/other/traurig-und-primitiv-rettungswagen-w%c3%a4hrend-einsatz-verspra	de-ch[1].htm.6.dr	false		high
https://www.queryclick.com/privacy-policy	iab2Data[1].json.6.dr	false	Avira URL Cloud: safe	unknown
https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002	de-ch[1].htm.6.dr	false		high
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn	52-478955-68ddb2ab[1].js.6.dr	false		high
https://www.msn.com/de-ch/news/other/wird-etwas-enger-im-bus-werden-die-kapazit%c3%a4t-aber-stemmen-	de-ch[1].htm.6.dr	false		high
http://www.reddit.com/	msapplication.xml4.4.dr	false		high
https://www.skype.com/	de-ch[1].htm.6.dr	false		high
https://sp.booking.com/index.html?aid=1589774&label=travelnavlink	de-ch[1].htm.6.dr	false		high
https://www.msn.com/de-ch/nachrichten/regional	de-ch[1].htm.6.dr	false		high
https://www.stroeer.de/werben-mit-stroeer/onlinewerbung/programmatic-data/sdi-datenschutz-b2c	iab2Data[1].json.6.dr	false	Avira URL Cloud: safe	unknown
https://onedrive.live.com/?qt=allmyphotos;Aktuelle	52-478955-68ddb2ab[1].js.6.dr	false		high
https://www.msn.com/de-ch/news/other/die-provisorische-kantonsschule-auf-dem-irchel-kann-2024-starte	de-ch[1].htm.6.dr	false		high
https://amzn.to/2TTxhNg	de-ch[1].htm.6.dr	false		high
https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com	52-478955-68ddb2ab[1].js.6.dr	false		high
https://client-s.gateway.messenger.live.com	52-478955-68ddb2ab[1].js.6.dr	false		high
https://secure.adnxs.com/clktrb?id=764680&t=1	de-ch[1].htm.6.dr	false		high
https://www.msn.com/de-ch/	de-ch[1].htm.6.dr	false		high
https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site	52-478955-68ddb2ab[1].js.6.dr	false		high
http://crl.ver)	svchost.exe, 0000000C.00000002.911297448.0000020000062000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://www.msn.com/de-ch/news/other/lage-dramatisch-zugespitzt-%c3%b6v-in-winterthur-wird-teilweise	de-ch[1].htm.6.dr	false		high
https://www.msn.com/de-ch	de-ch[1].htm.6.dr	false		high
https://www.tippsundtricks.co/gesundheit/stueck-seife-bettwasche/?utm_campaign=DECH-bedsoap&utm_	de-ch[1].htm.6.dr	false		high
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_store&m	de-ch[1].htm.6.dr	false		high
https://twitter.com/i/notifications;Ich	52-478955-68ddb2ab[1].js.6.dr	false		high
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http	de-ch[1].htm.6.dr	false		high
https://nextmillennium.io/privacy-policy/	iab2Data[1].json.6.dr	false		high
https://silvermob.com/privacy	iab2Data[1].json.6.dr	false	Avira URL Cloud: safe	unknown
https://browser.events.data.msn.com/OneCollector/1.0/t.js?qsp=true&anoncknm=%22%22&name=%22MS.News.W	de-ch[1].htm.6.dr	false		high
https://clkde.tradedoubler.com/click?p=273363&a=3064090&g=24940322	de-ch[1].htm.6.dr	false		high
https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin	52-478955-68ddb2ab[1].js.6.dr	false		high
https://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsb	de-ch[1].htm.6.dr	false		high
http://www.youtube.com/	msapplication.xml7.4.dr	false		high
http://ogp.me/ns#	de-ch[1].htm.6.dr	false		high
https://www.linkedin.com:443/news/story/gibt-es-einen-impfstoffmangel-5630362/?li=BBqfZdV	de-ch[1].htm.6.dr	false		high
https://play.google.com/store/apps/details?id=com.microsoft.amp.apps.bingnews&hl=de-ch&refer	de-ch[1].htm.6.dr	false		high
https://msasg.visualstudio.com/Shared%20Data/_git/1DS.JavaScript?version=GBnubenja%2Fcustom-package	52-478955-68ddb2ab[1].js.6.dr	false		high
https://onedrive.live.com/?qt=mru;OneDrive-App	52-478955-68ddb2ab[1].js.6.dr	false		high
https://www.skype.com/de	52-478955-68ddb2ab[1].js.6.dr	false		high
https://www.tippsundtricks.co/lifehacks/schwamm-kuhlschrank/?utm_campaign=DECH-schwamm&utm_sourc	de-ch[1].htm.6.dr	false		high
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me	de-ch[1].htm.6.dr	false		high
https://tools.applemediaservices.com/api/badges/download-on-the-app-store/black/de-de?"	de-ch[1].htm.6.dr	false	URL Reputation: safe	unknown
https://www.skype.com/de/download-skype	52-478955-68ddb2ab[1].js.6.dr	false		high
https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header	de-ch[1].htm.6.dr	false		high
http://www.hotmail.msn.com/pii/ReadOutlookEmail/	52-478955-68ddb2ab[1].js.6.dr	false		high
https://onedrive.live.com;OneDrive-App	52-478955-68ddb2ab[1].js.6.dr	false	Avira URL Cloud: safe	low
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_office&	de-ch[1].htm.6.dr	false		high
https://www.msn.com/de-ch/news/other/erste-best%c3%a4tigte-ansteckung-zwei-weitere-verdachtsf%c3%a4l	de-ch[1].htm.6.dr	false		high
https://clkde.tradedoubler.com/click?p=295926&a=3064090&g=24886692	de-ch[1].htm.6.dr	false		high
https://www.google.com/chrome/static/images/favicons/favicon-16x16.png	imagestore.dat.6.dr	false		high
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location	55a804ab-e5c6-4b97-9319-86263d365d28[2].json.6.dr	false		high
http://www.amazon.com/	msapplication.xml.4.dr	false		high
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1	52-478955-68ddb2ab[1].js.6.dr	false		high
http://www.twitter.com/	msapplication.xml5.4.dr	false		high
https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway	52-478955-68ddb2ab[1].js.6.dr	false		high
https://cdn.cookielaw.org/vendorlist/googleData.json	55a804ab-e5c6-4b97-9319-86263d365d28[2].json.6.dr	false		high
https://outlook.com/	de-ch[1].htm.6.dr	false		high
https://play.google.com/intl/en_us/badges/images/generic/de_badge_web_generic.png"	de-ch[1].htm.6.dr	false		high
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2	~DFF3249FCAE5CBA117.TMP.4.dr	false		high
https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.json	iab2Data[1].json.6.dr	false	URL Reputation: safe	unknown
https://cdn.cookielaw.org/vendorlist/iabData.json	55a804ab-e5c6-4b97-9319-86263d365d28[2].json.6.dr	false		high
https://onedrive.live.com/?qt=mru;Aktuelle	52-478955-68ddb2ab[1].js.6.dr	false		high
https://www.msn.com/de-ch/?ocid=iehp	~DFF3249FCAE5CBA117.TMP.4.dr	false		high
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-shoppingstripe-nav	de-ch[1].htm.6.dr	false		high
https://www.ebay.ch/?mkcid=1&mkrid=5222-53480-19255-0&siteid=193&campid=5338626668&t	de-ch[1].htm.6.dr	false		high
https://doceree.com/.well-known/deviceStorage.json	iab2Data[1].json.6.dr	false	Avira URL Cloud: safe	unknown
http://www.nytimes.com/	msapplication.xml3.4.dr	false		high
https://www.bidstack.com/privacy-policy/	iab2Data[1].json.6.dr	false	URL Reputation: safe	unknown
https://onedrive.live.com/about/en/download/	52-478955-68ddb2ab[1].js.6.dr	false		high
https://www.tippsundtricks.co/lifehacks/kochendes-wasser-auto/?utm_campaign=DECH-cardent&utm_sou	de-ch[1].htm.6.dr	false		high
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_mestripe_logo_d	de-ch[1].htm.6.dr	false		high
https://www.msn.com/de-ch/news/other/kanton-verteidigt-finanzielle-beteiligung-am-kunstprojekt/ar-AA	de-ch[1].htm.6.dr	false		high
https://www.msn.com/de-ch/news/other/kanton-best%c3%a4tigt-ersten-omikron-fall-in-z%c3%bcrich/ar-AAR	de-ch[1].htm.6.dr	false		high
https://twitter.com/	de-ch[1].htm.6.dr	false		high
https://www.stroeer.de/ssp-datenschutz	iab2Data[1].json.6.dr	false	Avira URL Cloud: safe	unknown
https://optimise-it.de/datenschutz	iab2Data[1].json.6.dr	false	Avira URL Cloud: safe	unknown
https://smartyads.com/privacy-policy	iab2Data[1].json.6.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.211.6.95	contextual.media.net	United States		16625	AKAMAI-ASUS	false

Private

IP
127.0.0.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	533067
Start date:	03.12.2021
Start time:	00:41:18
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 14m 51s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	mATFWhYtPk (renamed file extension from none to dll)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.evad.winDLL@30/114@6/2
EGA Information:	Failed
HDC Information:	Successful, ratio: 16% (good quality ratio 15.2%) Quality average: 71.3% Quality standard deviation: 25.4%
HCA Information:	Successful, ratio: 75% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Override analysis time to 240s for rundll32
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 20.50.102.62, 23.211.6.115, 23.203.70.208, 204.79.197.203, 80.67.82.240, 80.67.82.209, 20.42.73.25, 152.199.19.161, 80.67.82.11, 80.67.82.50, 23.211.4.86 Excluded domains from analysis (whitelisted): store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, e12564.dspb.akamaiedge.net, go.microsoft.com, www-bing-com.dual-a-0001.a-msedge.net, onedscolprdeus06.eastus.cloudapp.azure.com, arc.trafficmanager.net, ieonline.microsoft.com, prod.fs.microsoft.com.akadns.net, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, client.wns.windows.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ie9comview.vo.msecnd.net, a-0003.a-msedge.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, www-msn-com.a-0003.a-msedge.net, a1999.dscg2.akamai.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, any.edge.bing.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, go.microsoft.com.edgekey.net, static-global-s-msn-com.akamaized.net, global.asimov.events.data.trafficmanager.net, cs9.wpc.v0cdn.net Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
00:43:51	API Interceptor	2x Sleep call for process: svchost.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
23.211.6.95	FBE4.dll	Get hash	malicious	Browse
	girlDowTube.dll	Get hash	malicious	Browse
	vlJn5g0DP2.dll	Get hash	malicious	Browse
	#Ud83d#Udce0TetratecheFaxNOV03 xti.htm	Get hash	malicious	Browse
	MashreqeFaxNOV03 xti.htm	Get hash	malicious	Browse
	T2bmdvFI1K.dll	Get hash	malicious	Browse
	tim.dll	Get hash	malicious	Browse
	data.dll	Get hash	malicious	Browse
	3bJrnQ0otj.dll	Get hash	malicious	Browse
	JavaE.dll	Get hash	malicious	Browse
	iexploer.dll	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
hblg.media.net	CTvjbMY3DK.dll	Get hash	malicious	Browse	2.18.160.23
	j6cSSlGZK8.dll	Get hash	malicious	Browse	2.18.160.23
	CTvjbMY3DK.dll	Get hash	malicious	Browse	2.18.160.23
	S8TePU9taH.dll	Get hash	malicious	Browse	2.18.160.23
	aRo4FhRug5.dll	Get hash	malicious	Browse	2.18.160.23
	bUSzS84fr4.dll	Get hash	malicious	Browse	2.18.160.23
	rpx8zB3thm.dll	Get hash	malicious	Browse	2.18.160.23
	kivtiYknQS.dll	Get hash	malicious	Browse	2.18.160.23
	M72Kclc67w.dll	Get hash	malicious	Browse	2.18.160.23
	4bndVtKthy.dll	Get hash	malicious	Browse	2.18.160.23
	837375615376.dll	Get hash	malicious	Browse	2.18.160.23
	837375615376.dll	Get hash	malicious	Browse	2.18.160.23
	LegacyAudio.dll	Get hash	malicious	Browse	2.18.160.23
	dowNext.dll	Get hash	malicious	Browse	23.211.6.95
	C5GURRmGTj.dll	Get hash	malicious	Browse	2.18.160.23
	vJMHO50EKO.dll	Get hash	malicious	Browse	2.18.160.23
	if.bin.dll	Get hash	malicious	Browse	2.18.160.23
	if.bin.dll	Get hash	malicious	Browse	2.18.160.23
	0IWd8z89rc.dll	Get hash	malicious	Browse	2.18.160.23
	6.dll	Get hash	malicious	Browse	2.18.160.23
contextual.media.net	CTvjbMY3DK.dll	Get hash	malicious	Browse	2.18.160.23
	j6cSSlGZK8.dll	Get hash	malicious	Browse	2.18.160.23
	CTvjbMY3DK.dll	Get hash	malicious	Browse	2.18.160.23
	S8TePU9taH.dll	Get hash	malicious	Browse	2.18.160.23
	aRo4FhRug5.dll	Get hash	malicious	Browse	2.18.160.23
	triage_dropped_file.dll	Get hash	malicious	Browse	2.18.160.23
	bUSzS84fr4.dll	Get hash	malicious	Browse	2.18.160.23
	rpx8zB3thm.dll	Get hash	malicious	Browse	2.18.160.23
	kivtiYknQS.dll	Get hash	malicious	Browse	2.18.160.23
	M72Kclc67w.dll	Get hash	malicious	Browse	2.18.160.23
	5jsO2t1pju.dll	Get hash	malicious	Browse	2.18.160.23
	4bndVtKthy.dll	Get hash	malicious	Browse	2.18.160.23
	837375615376.dll	Get hash	malicious	Browse	2.18.160.23
	837375615376.dll	Get hash	malicious	Browse	2.18.160.23
	LegacyAudio.dll	Get hash	malicious	Browse	2.18.160.23
	dowNext.dll	Get hash	malicious	Browse	23.211.6.95
	C5GURRmGTj.dll	Get hash	malicious	Browse	2.18.160.23
	vJMHO50EKO.dll	Get hash	malicious	Browse	2.18.160.23
	if.bin.dll	Get hash	malicious	Browse	2.18.160.23
	if.bin.dll	Get hash	malicious	Browse	2.18.160.23

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
AKAMAI-ASUS	x86	Get hash	malicious	Browse	184.29.182.35
	c0az1l4js3001lsk4xd9n.arm7	Get hash	malicious	Browse	23.221.44.224
	lAe63MagsK	Get hash	malicious	Browse	23.59.195.246
	trynagetmybinsufucker98575.arm7	Get hash	malicious	Browse	104.86.5.197
	c0az1l4js3001lsk4xd9n.arm	Get hash	malicious	Browse	23.33.161.145
	GenoSec.x86	Get hash	malicious	Browse	96.17.17.190
	arm	Get hash	malicious	Browse	173.223.114.158
	S8TePU9taH.dll	Get hash	malicious	Browse	2.18.160.23
	aRo4FhRug5.dll	Get hash	malicious	Browse	2.18.160.23
	EmployeeAssessment.html	Get hash	malicious	Browse	23.50.97.221
	rpx8zB3thm.dll	Get hash	malicious	Browse	2.18.160.23
	M72Kclc67w.dll	Get hash	malicious	Browse	2.18.160.23
	5jsO2t1pju.dll	Get hash	malicious	Browse	2.18.160.23
	updsrvc	Get hash	malicious	Browse	104.89.44.72
	file.command	Get hash	malicious	Browse	104.90.164.244
	YjKK5XYBzB	Get hash	malicious	Browse	184.50.149.107
	qu1wfRmk6z	Get hash	malicious	Browse	184.29.157.88
	JUyE95BLaL	Get hash	malicious	Browse	184.29.182.90
	0IWd8z89rc.dll	Get hash	malicious	Browse	2.18.160.23
	biKMh38rah	Get hash	malicious	Browse	184.26.66.45

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
9e10692f1b7f78228b2d4e424db3a98c	CTvjbMY3DK.dll	Get hash	malicious	Browse	23.211.6.95
	j6cSSlGZK8.dll	Get hash	malicious	Browse	23.211.6.95
	CTvjbMY3DK.dll	Get hash	malicious	Browse	23.211.6.95
	S8TePU9taH.dll	Get hash	malicious	Browse	23.211.6.95
	aRo4FhRug5.dll	Get hash	malicious	Browse	23.211.6.95
	fel.com.html	Get hash	malicious	Browse	23.211.6.95
	bUSzS84fr4.dll	Get hash	malicious	Browse	23.211.6.95
	rpx8zB3thm.dll	Get hash	malicious	Browse	23.211.6.95
	kivtiYknQS.dll	Get hash	malicious	Browse	23.211.6.95
	M72Kclc67w.dll	Get hash	malicious	Browse	23.211.6.95
	5jsO2t1pju.dll	Get hash	malicious	Browse	23.211.6.95
	3t9XLLs9ae.exe	Get hash	malicious	Browse	23.211.6.95
	4bndVtKthy.dll	Get hash	malicious	Browse	23.211.6.95
	mzSVrYKRrI.exe	Get hash	malicious	Browse	23.211.6.95
	837375615376.dll	Get hash	malicious	Browse	23.211.6.95
	837375615376.dll	Get hash	malicious	Browse	23.211.6.95
	LegacyAudio.dll	Get hash	malicious	Browse	23.211.6.95
	dowNext.dll	Get hash	malicious	Browse	23.211.6.95
	PaCJ39hC4R.xlsx	Get hash	malicious	Browse	23.211.6.95
	C5GURRmGTj.dll	Get hash	malicious	Browse	23.211.6.95

Dropped Files

No context

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\edb.log Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	MPEG-4 LOAS
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.2485834943465208
Encrypted:	false
SSDEEP:	1536:BJiRdfVzkZm3lyf49uyc0ga04PdHS9LrM/oVMUdSRU4E:BJiRdwfu2SRU4E
MD5:	10CD2A4751480DA95820C3C69B573413
SHA1:	C3B5BC5BE15477BD9E82C622F8C4BC670C1954D7
SHA-256:	DEDA7A24E54B312851BF9B532453C897C38950ACEB9F5F50A4EFF7A665926B16
SHA-512:	B51E4BD44A882B6832A46871ED59FE2B672A150B7C7405C6404A115933209961B362C19080261CF5AAE1DD378452590ED9F182C603ADB8FAABFDC96033A94811
Malicious:	false
Preview:	V.d.........@..@.3...w...........................3...w..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@.........................................d#.................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage user DataBase, version 0x620, checksum 0xe2860433, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	786432
Entropy (8bit):	0.2506856772455334
Encrypted:	false
SSDEEP:	384:8+W0StseCJ48EApW0StseCJ48E2rTSjlK/ebmLerYSRSY1J2:jSB2nSB2RSjlK/+mLesOj1J2
MD5:	35C5B489C701367CED3069C80FE5C1FD
SHA1:	FC8F988A94F4CA908A34DA3934193C16DD26F3FF
SHA-256:	BE8792DBE19DC0A227E531787B7FF44334BF83F6447E19CCE7388433EA607C7F
SHA-512:	3827923009172DCBF110EFED0A706906F811B0A75519020F0EB0121C5AFB0054A92AEEFBC7FE3179BE370CB55AAC38DE61F3D12890A1339C25AEA490B29B5C74
Malicious:	false
Preview:	..3... ................e.f.3...w........................&..........w..4+...y..h.(..............................3...w...........................................................................................................B...........@...................................................................................................... ........3...w..........................................................................................................................................................................................................................................4+...yKw................b...4+...yW.........................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.07714613233559794
Encrypted:	false
SSDEEP:	3:g/mXl7EvRlh+q8l/bJdAtiuotulqll3Vkttlmlnl:guXlicq8t4kN3
MD5:	78FAAA333E680C6CCEAF09819014DCE5
SHA1:	B38229E8A23368FD207D78D856FCE90EC35DD739
SHA-256:	8EDD3743F1F9F9FB5818E998834EF1C3AEC7BE382BD6550C83E882AC2F406320
SHA-512:	67B85743D5D537F899D4B6D42573863522753F4CB03D0FC27ECD88EC769A20B4D1B4F09859F6BC61DF9883CA1099AB0296B2AB9CC04EA4B88CFABA03D456485C
Malicious:	false
Preview:	D.gY.....................................3...w..4+...yW......w...............w.......w....:O.....w..................b...4+...yW.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\EQAWN5DV\www.msn[2].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.469670487371862
Encrypted:	false
SSDEEP:	3:D90aKb:JFKb
MD5:	C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
SHA1:	35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
SHA-256:	B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
SHA-512:	6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
Malicious:	false
Preview:	<root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\IB42RK38\contextual.media[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	238
Entropy (8bit):	4.8469736420385106
Encrypted:	false
SSDEEP:	6:JUFdscq932KKl73xqVI62MAl73ncqPC2dZlJ52MAlrb:JUTsp932Ko0VI62M+NPC2dZlJ52M+P
MD5:	F24DE1732DE47C746A4A3EE17C0FDE45
SHA1:	D051BB02C4BE51709E97B58DFFC5E21921C15858
SHA-256:	2785E6C5AE91C364B8A03EB885F5BBE6533F460573A173CD08127E0015BE1A82
SHA-512:	8081D01DFAC0DD711531005CA9804665B6A053E8D8111ABEA569EA6349097DD1B16723F27207AFBB6D8EED6F7E3D1DE78C0EFC4A61AC46D0946393739B51503B
Malicious:	false
Preview:	<root><item name="HBCM_BIDS" value="{}" ltime="3406186224" htime="30926881" /><item name="maxbid" value="0.02" ltime="3410666224" htime="30926881" /><item name="maxbidts" value="1638520987267" ltime="3410666224" htime="30926881" /></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F0A62C4E-5414-11EC-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	5632
Entropy (8bit):	2.042787450575953
Encrypted:	false
SSDEEP:	24:rboGo/QiCh7GW/mChmh8nh69lWK+ti9lWKU:rkGo4vRGWbg2nZtJ
MD5:	5FA12E87D2A521CB7E97A7A20D7503D7
SHA1:	99EDCB0C78349AD55EE517B5DF01E3F3C0233CAA
SHA-256:	38EBE59FB63090F230F2F2EEAC9EAED5AF14F6A8408071EF6F5B1FC472AD35BA
SHA-512:	FD024203EB4A5365FF7A9BDA75FD7258FC89ED396B76A08733C7446B2324A0E6E6385FEB1E2802B886C6CE97FC8EA217F2E325AA0633A386F4EA881A845DD6D0
Malicious:	false
Preview:	......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y..........................................................................................x;.!.................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8...............................................................F.r.a.m.e.L.i.s.t.......................................................................................................0.......O._.T.S.T.y.y.m.8.B.R.U.7.B.G.Q.5.e.z.0.u.y.0.k.l.g.=.=.........:.......................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F0A62C50-5414-11EC-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	332288
Entropy (8bit):	3.594439219697785
Encrypted:	false
SSDEEP:	3072:tZ/2Bfcdmu5kgTzGtWZ/2Bfc+mu5kgTzGt4Z/2Bfcdmu5kgTzGtWZ/2Bfc+mu5kn:09q9
MD5:	19A94CACE6A3B52D4A9F0310B90C0E09
SHA1:	E40C3D534F2EF7B0CA155FED721C889605653A08
SHA-256:	2A27505674561C1CC73AA6593DC008277ACB445F0AA59EEFB01136E6AB49223C
SHA-512:	E6F27672444E50679564D150D99DE4A6698FDFBA418641FD47ECAD10D69EDFF92CF32440B537D7AC41CA8DCE131BEBDE6C8A196E2DB6829D977C18D8782BF208
Malicious:	false
Preview:	......................>...........................................................F...G...H...I...............................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y..........................................................................................c..!.................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................4.......T.r.a.v.e.l.L.o.g...............................................................................................................T.L.0...................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.084603087930222
Encrypted:	false
SSDEEP:	6:TMVBdc9EMdLD5Ltqc41EOucZ4TD90/QL3WIZK0QhPPNbVDHkEtMjwu:TMHdNMNxOEOB+nWimI00OVbVbkEtMb
MD5:	E74138E0512326347E68BE8A6EC75946
SHA1:	06FC0FE834A35F562DFE04913B0AF7A6B82B2A83
SHA-256:	DD3B59DA7EC370800624058405CAE12538C01CF83B7F9E064148834287167F42
SHA-512:	A1E97FCFDCC7390CE0FD5C37A00D4DBE13480BFAD41CAD3DC7742A9C1467CDCBB41E5E004A0171AC0C368FEC5BD0F2C383E0D1AE86C6A303E7408A604171A5CB
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xf78f5b13,0x01d7e821</date><accdate>0xfb03e25c,0x01d7e821</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	356
Entropy (8bit):	5.128280594776258
Encrypted:	false
SSDEEP:	6:TMVBdc9EMdLD5Ltqc4fLGTkDkipEi4TD90/QL3WIZK0QhPPNbkI5kU5EtMjwu:TMHdNMNxe2kRQnWimI00OVbkak6EtMb
MD5:	243C341DB07B22ED590EB41F42AC68A0
SHA1:	91D7C135FB5F3F18F9157D95BD93CC9BCDD38F0F
SHA-256:	92509D37EB0C0A88F37BF541231A688108821D13CB7690B0969B820627DB14A5
SHA-512:	0DF1D2D984E5369B7D50F97E55700C2251774A6199AB542FB190F775C3AE2C20665B1EBDA575F9A13191A7A5671D1127FF0DB5305C4BCC2772F3E2F6F403A25E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xef2673ec,0x01d7e821</date><accdate>0xf26dae59,0x01d7e821</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	362
Entropy (8bit):	5.1290038020435595
Encrypted:	false
SSDEEP:	6:TMVBdc9EMdLD5Ltqc4GLqNaX94TD90/QL3WIZK0QhPPNbyhBcEEtMjwu:TMHdNMNxvLjXanWimI00OVbmZEtMb
MD5:	77F3CF73917727C30861E1C06CABCFD5
SHA1:	091E0153C86410EE48ACE6A45BB231C621F6A82A
SHA-256:	309AA43FDED1CDB9E9344DDFBD4062CF31B43DAE94FA33617983A808C61F7BFF
SHA-512:	08198D9C2392C67CD78C01AB9B1C724F86B5F81C4A1DF8A44C09829A990196655C10B7EC0045C10DFFB9B7E8A2205E05F4101FCC51F3B58CF557F0179B7C080E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xfb195839,0x01d7e821</date><accdate>0xfb312f17,0x01d7e821</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.1044863286008635
Encrypted:	false
SSDEEP:	6:TMVBdc9EMdLD5Ltqc4JKZo6UWb4TD90/QL3WIZK0QhPPNbgE5EtMjwu:TMHdNMNxiEKtnWimI00OVbd5EtMb
MD5:	4C3E24337E8AA547148952A7675209B6
SHA1:	613734CA30EC9F65905D302E67422B5840815E4D
SHA-256:	A27D0BF7039F2E4AF309D6862C9246BCFA756513F506B8D8A22845E15020B245
SHA-512:	F9CBBF3F8BDA102D23D71FF4652B348B3783461502CC10ECC72548441E1A182068A196C8BAAE88EB60114856755D72DEAE02BB59D73A28D528CE5E5BE3577CB7
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xf4fd53ca,0x01d7e821</date><accdate>0xf7051340,0x01d7e821</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.140280327260815
Encrypted:	false
SSDEEP:	6:TMVBdc9EMdLD5Ltqc4UxGwDGBNyi4TD90/QL3WIZK0QhPPNb8K0QU5EtMjwu:TMHdNMNxhGwqYXnWimI00OVb8K075Ety
MD5:	1D689A688EC182584A32826908C03DE9
SHA1:	02A43C63380C8BCA84891B1FFF3DA02C7A1DF641
SHA-256:	71F86A90986C1AF6B060D8279E511CE145940C05647A5705F354F05C2567F74F
SHA-512:	FF59469023D77FC2A3E8D4C4815812016A238536C6DCDB92ECA20B69FCBFD956BD63DA3534BE1C094AB3DD3211BCC36768A97B4852DCB14B745C55C6C05C633E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xfb502d4d,0x01d7e821</date><accdate>0xfb6f2be4,0x01d7e821</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	356
Entropy (8bit):	5.097153716585644
Encrypted:	false
SSDEEP:	6:TMVBdc9EMdLD5Ltqc4QundzdVYi4TD90/QL3WIZK0QhPPNbAkEtMjwu:TMHdNMNx0nhd+XnWimI00OVbxEtMb
MD5:	D8B9BB9D5C4940F2FF1BED233569A420
SHA1:	16814E017DB071B5E7FDA4821084B56523F06D43
SHA-256:	7F30F1EE787027F137FD43DEBBCAC90CDE1F7AA9F60362AB9F9B026C41C33FF3
SHA-512:	A39526ECF3C06F4BED4F877EB52A622948F0929AD238FBBC0689FFA24423B553A505C9D13754779030FEB7D79DF5F589BF76D733ABE3594FCF1B49E8505E7551
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xf75885d7,0x01d7e821</date><accdate>0xf77783e6,0x01d7e821</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.158296437814362
Encrypted:	false
SSDEEP:	6:TMVBdc9EMdLD5Ltqc4oTOg4TD90/QL3WIZK0QhPPNb6Kq5EtMjwu:TMHdNMNxxOnWimI00OVb6Kq5EtMb
MD5:	7FD6DD9FB9137BBF97270B6BB29F35D3
SHA1:	23FA7FEBE7ED6FF0C6D8900C0F07ABAE264A8066
SHA-256:	0A0ED501783534B703C2AF0C8DAFC908892DAA0B4A5EC00410A85607294D4063
SHA-512:	C84548F5B4E4BC7DA976036230265D6385CFFC2048EBD80EF5E3714C1853EC56E362B6582FBB3681FEA1F9883A8BAA4F284B31C670C718A392742D42B664AC9E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xf7241171,0x01d7e821</date><accdate>0xf7398760,0x01d7e821</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	360
Entropy (8bit):	5.115746056530216
Encrypted:	false
SSDEEP:	6:TMVBdc9EMdLD5Ltqc4YX2nKxkLWHgQ4TD90/QL3WIZK0QhPPNb02CqEtMjwu:TMHdNMNxcVnWimI00OVbVEtMb
MD5:	BA799B571917DC0A84698CEEC2FACE16
SHA1:	7E89158899D15AE56C9C1A1FBECF5F68D6FF98F4
SHA-256:	F0C21898260A34CE8836AB9748C0E8EDF409B97F09D63265DD00C6043B8B4E61
SHA-512:	7D1BE80A7A74FEA215E9D7929E323490CFB2DB381B01CBB618CEDE0FBC7AB044C37FFA9C3D19A501A2D41DB7504492D239BA1E44EC0CA463084C2BB9EF41ABB0
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xf48ae3b0,0x01d7e821</date><accdate>0xf4a9e53b,0x01d7e821</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	356
Entropy (8bit):	5.093328436678776
Encrypted:	false
SSDEEP:	6:TMVBdc9EMdLD5Ltqc4InKGVXYNkN+Q4TD90/QL3WIZK0QhPPNbiwE5EtMjwu:TMHdNMNxfnVlYq+pnWimI00OVbe5EtMb
MD5:	FE619FE37EC116F20A111316621215E0
SHA1:	75FD26409E12F2827C856467B4B5CA77A130D988
SHA-256:	EC6B79B22B36EF0C06A22A4C7EF50EA6861495640BEC51F1946D1992F18D7317
SHA-512:	FE2B78844FF74B59686CB98ED1BD8D158622A4591A07D75776E5E96454EB085F86CD00A569AEDC78D14849C70F8C2436982288253CD897C7D5FD020D1BAA067B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xf4c1b85d,0x01d7e821</date><accdate>0xf4e0b702,0x01d7e821</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\wlm7n14\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	21318
Entropy (8bit):	4.108973482829261
Encrypted:	false
SSDEEP:	96:yQQQQQtzS29dcBUXqYkE1fwDzXrzS29dcBUXqo:bzSAcBykEBczbzSAcBq
MD5:	3E93A107B6209D75F03520D9C37744AF
SHA1:	B305E6C600566D4285941CB32B7B3490B0C0073B
SHA-256:	899863997E23E1BF071E46028E6A9D836651B973471BC26EC24D9C2B7FA99DB8
SHA-512:	46193728D7C3BADDDC28B1736188F0D1BD411A0ADD6770CA85CDA79C0540177215EC3CE5AA6BA03FE1067DAE20D2703A2D3297EDA27AA404CA34333815DABF78
Malicious:	false
Preview:	........%.h.t.t.p.s.:././.w.w.w...m.i.c.r.o.s.o.f.t...c.o.m./.f.a.v.i.c.o.n...i.c.o.~(................h(......(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\2d-0e97d4-185735b[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	251398
Entropy (8bit):	5.2940351809352855
Encrypted:	false
SSDEEP:	3072:FaPMULTAHEkm8OUdvUvJZkrqq7pjD4tQH:Fa0ULTAHLOUdvwZkrqq7pjD4tQH
MD5:	24D71CC2CC17F9E0F7167D724347DBA4
SHA1:	4188B4EE11CFDC8EA05E7DA7F475F6A464951E27
SHA-256:	4EF29E187222C5E2960E1E265C87AA7DA7268408C3383CC3274D97127F389B22
SHA-512:	43CF44624EF76F5B83DE10A2FB1C27608A290BC21BF023A1BFDB77B2EBB4964805C8683F82815045668A3ECCF2F16A4D7948C1C5AC526AC71760F50C82AADE2B
Malicious:	false
Preview:	/! Error: C:/a/_work/1/s/Statics/WebCore.Statics/Css/Modules/ExternalContentModule/Uplevel/Base/externalContentModule.scss(207,3): run-time error CSS1062: Expected semicolon or closing curly-brace, found '@include.multiLineTruncation' /....@charset "UTF-8";div.adcontainer iframe[width='1']{display:none}span.nativead{font-weight:600;font-size:1.1rem;line-height:1.364}div:not(.ip) span.nativead{color:#333}.todaymodule .smalla span.nativead,.todaystripe .smalla span.nativead{bottom:2rem;display:block;position:absolute}.todaymodule .smalla a.nativead .title,.todaystripe .smalla a.nativead .title{max-height:4.7rem}.todaymodule .smalla a.nativead .caption,.todaystripe .smalla a.nativead .caption{padding:0;position:relative;margin-left:11.2rem}.todaymodule .mediuma span.nativead,.todaystripe .mediuma span.nativead{bottom:1.3rem}.ip a.nativead span:not(.title):not(.adslabel),.mip a.nativead span:not(.title):not(.adslabel){display:block;vertical-align:top;color:#a0a0a0}.ip a.nativead .captio

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AA5Wkdg[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	525
Entropy (8bit):	7.421844150920897
Encrypted:	false
SSDEEP:	12:6v/7djHPPM9IhOfybHNtOytXQlcyY7r1vEP/N:2jHM9IhOfCttJVqR01sP1
MD5:	92496B0E07883E12CD6EA765204137CD
SHA1:	5F11C47C9D4D6A52DA90F2F2BA1AFFEB40E8C2C1
SHA-256:	C1F7888A82E3D3DD5E7190E99EC61FE4608399BEAA0EB5A52A32FE584E639015
SHA-512:	384DA4D21A583934E43DD967720DD7546821AD1AFE7F36ABC5D3574F5BABB91ED3BC9D487809E804AADC4F5762F02A0C6B58020925ED1885682F2796C8D690A8
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx..SKn.A.}U.......Kc.$.....".a.....{ ;v.. 6H.e$. .Hl.=.U...........^..y...^4.#..E1.<r.G$...-O7.k..M./e!.1t3ex.......).v...T.....T....~D.c...!I%`.......1..d.\e.}n...m.P.....=.].t07/W5......-.m`..>......q.B.._(.A......T@..+..B......g.7@n .^. ..u.......IR.XER.....q...v.I.A..o..,A~..I..U2\|FJ..7=....qJX.f-.......A..F.#x.....uj..!)...c_0..t..s....D..Fl.=..#t..[.X..=...m.s....S..ryZ.Ho...n._"..f<...4.=X.../V&........_.3eo.......R......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AANuZgF[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	750
Entropy (8bit):	7.653501615166515
Encrypted:	false
SSDEEP:	12:6v/7Wrv0Y7COhH4wY2zKLlJsmUhrpB02KYMYv7LLMVjcS0mNUfozbbj3rtpQd3HO:xrcYOEV3KLXfIB9MYjHMVl0mKozbH3hv
MD5:	93D77F5C5FFACEBA12A1ABFC6190B947
SHA1:	8001474A7342EBF760C66F1C30E48E32E00F2AF3
SHA-256:	E6DA934C90931C6089ADB3D213DDD70C7104D0A182A98AB1C663CEDAE37F83A1
SHA-512:	D5F874DF89D82CC819B7D591766300FC701F0E1FFC6055D4CC4BA55F10674F88EDDA565EB1FA57886AC16A57926EBBBC9A108D45D057D76B904383247CE7EA50
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx..S]HSq...~l.F.af....j..i.(........ ._r...[.!jE.c.....(..\.5.a.X.b.sMj.M.{;....z.....?.......s.--}..$S.._\|..EEA.......$Q...#N;.d2.a.UU.r.".lh...k.2...<..S.$>L..,...`$..../hmr.st+.3Y..(.o..U8.\..G........K...../..q....E...>.EQ..+.j..Y..S.0K... P.%.z....h..=.C.>.`.YD....1."3x......z.1.....$dId.@4U..iG...Q....[c_.kg.h...._~.?6.....u .N....68.j"....Pv..$h....S...!...7..h..C"1.".1.,...>.`....L...sF..<..)...}.X..w....J...n[u...V..g.....E.+N......O..R..Yt<.i.y.j.aOM.N_.A..t.i.4a.._...........z....yR[@-..=.x.:....b'h.jmd..../.........P.B.p9...U...wQ.EJhLpi.XJ.....x..B...;6..HT.S.xz....a.(k....f.#.4z..Z g.q......$Z..@y........B..........IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AAOdxvW[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	dropped
Size (bytes):	23645
Entropy (8bit):	7.810879378215357
Encrypted:	false
SSDEEP:	384:IUEz+UYUKaDX4ZCDbcpwWpedBE/WYqU9m8LaBIlJcv1DAKvA4IFE4JN3QNr:IUEz+UbKa8ZQQptpedAWp8LaCHg1DAed
MD5:	F2186DFE6F4836465043A993391B84C5
SHA1:	C595247171C1DD8D73429B0C58773C5E177106C5
SHA-256:	710EFEEA80DBB97B005C47E34341F00ABCD3345A5756EC967A6D1D6D06094B22
SHA-512:	21E86B092676E1EAE42E18C680D176A045E8158CE8386DB7D8624B7D3C70E9A018C1992FCAB22A6FEBF824445BF1850E7E98BFB4AECDA769ADA52356DFCF43D3
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..pn..+1..(...P1.L..s.4..1@.8^2h....2)J...P"0..@.c..g<.!<..)..BW.J.."Xm4..0......4$..z.C+mL.........6.?. <......4. .Hb(.&8....=..1......A4..(.2.......HT...5.p.....{.E.4.p.....L.....{P....+HBc4..8.3I...y.S`d....7.k.U....B.........^(..h...H.m;..c...@..1@...B.@.Bc....p....4.}(..H..:S@.#..4...!...P!)..T.i..M..M...h..a..1.c..n(.......H...<?..1..........!...S.`8.1.J.1..0..h.H

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AAPXV6f[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	dropped
Size (bytes):	43958
Entropy (8bit):	7.95479647369897
Encrypted:	false
SSDEEP:	768:IdCQ1yKoBe/VFAqoqC/SW7LndEg6qbkwFYXbGUMCCwkAymDJ6ROomfB5G:IdREILRoh6W7TdE4TmiVbwkAymV6R+f6
MD5:	B43D172214BFE87CA52255744EC5929C
SHA1:	43C790A53D899DEB39D6EAF5FB449953282D10E8
SHA-256:	54BE96E34C36759FF69E882E176B4B49FD52B87B08E658F6544B367207B1B624
SHA-512:	3C35AF2C4EE4268EA820767DDBE05D94B5D33B033261F9E8628B06D3FF616830BA23D2B35A98A0087550F7A0A3C634FA966A65107757B6F40F25F7AACCD63FF1
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..'.q&.e&.v.l<i..8..7L.4&&..j..8.....b."E...KF.f...'....4..i0..ku..%c...v..<./..oj......m...*d.c..!{.Bx.a..35.m..O>..L...2.Qs&OJh.8.:-7R].n.i.Jz..v..@`MW1.b.....%.)\..cv..S...hi...w..H./..K..T..L.K.l...n.T..vi.G$.....0.0l.......o......V6..Y0qS..i"...9..6..'..c....s....f.....d.-....n\Y.....,..e.......i.Yy.q...@..;.I..5.7..1.0.Y.....XV^..O1.>VH.SF..,j.-..7..9..T.......c.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AAQCgDb[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	dropped
Size (bytes):	36113
Entropy (8bit):	7.906769801243059
Encrypted:	false
SSDEEP:	768:Iee/a8zxIXkWEp9v5yW1WSH1x6S4zFFnh2S96LL2iT:IRCsp/94nSHj8zFFnh2S9KLFT
MD5:	7EB2C6AFF772712CB5C5430050503581
SHA1:	E80334CA32FF05AD16B7D8E322200F8DF9BBE86D
SHA-256:	C7FC141B8CB74F3BE9EDFC961162EF4A52EDDD0EC8068DAD4B197E9E000C6858
SHA-512:	90898FDBEBA87CC879ADA6194B5B83BAE64BF0114C3F3EFC3A0F8D3DF73287D30EE69BB6A0C2FB6D53C639062114073730C7FF1AFB94989601786B4E220A705E
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....`...b..)..).b.0.1...1LA..&)...LB)...2......!q@....R.qLa..p..\P....(.......p..8.CA..;....!.....)..(e!.R..)....Hp.....(.....!..&!..LP.LSB.b.@...C@....4..LLJb.h.(....4...S@4..&(.1LB.@...&).1.....&...b..LP.m..+@..L...n(.1@.E.&(.G....(..4 ...).11LA..1LA..LS.......).11L.1A,\P..c.P...........&.......;..P(cB....h\R..(..R..)1....."...hp..(...b..(.h.(..Lm1.B.S...!..P!...@.4.%.......7..&(...A.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AARfw7b[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	modified
Size (bytes):	25424
Entropy (8bit):	7.872077651941203
Encrypted:	false
SSDEEP:	384:IJevjgAhlBpfdsHJUebsmAiW4XtCi3TLAIJM0usV9QewV/0JjucfK8lXsENe:IJeLgUB3spVbljD5jLpMdsVLjJ/VE
MD5:	4B4588EDDD7A2E6517B7D0018DD82EE3
SHA1:	6487DFE0E42A95116835CED249175E6F3D5E95B4
SHA-256:	366D03FA212EEE18E60835E02F07EB3D5C054BDE122E558C6F51F2133B36DB04
SHA-512:	641743FD1F56D3AE734EA6E5CEED1F3D5287B9C56E70C66C2D2C7D8050F4CC76DE4E00701908F9E9458994349CCBD93DFEA9B36C691BD06AE30E744C8B59906E
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...+....E .....f..:S.x94....Jb....?.....wHJ(.u=.J.T...6..pi..Z.g..3.-..js.(*....8...\.EP..........@...6.....2.....:.B...z...!$.0.@(.G..v.`O.....>.....u.6..-..4Y.........1'.@ ..(..XrE...\P........]r{R.....Y.....!]...."a..b.L.1..AD.M....1.!......-.:...%h.Ui.&..v.!..>..D..t.HpA..\|....=jX..HaB...LP!.`.`To.i.i..[.....~f.$`.@.6....[.".a....EF..t#&7..).b.$.# ....)+..H.{.<..V..qYXb....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AARlAkD[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	12225
Entropy (8bit):	7.954882837332995
Encrypted:	false
SSDEEP:	192:QopM/3a89tBQYmRVelSxCdQQPgbKMZ6b5Uw6rb8eQ/1T6vPvHMH+KEND0xbRTcXf:bpM/9tCYm7USxOYexLQb8b6fO+NgxVTE
MD5:	ED9E7756DA4E8726E15FF66EEA29B2EB
SHA1:	9F63B24C827126AA83B9BC9C315F00FEA31037DA
SHA-256:	3DF630B2AA42669FFD5CA509740C633CA327AB83CF1A909F387F00EA81E299B4
SHA-512:	F7051A7059D3EE424A5338A19561656E16EF77DD7CE79C0B78CF42B58F36821E54B3BD136386044AC808A7C7BB99F8D55C8C8D2B5DA13284C4931B9DDAA2827C
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..5..i....c%......O..H.?.^jbH.a.... .q.OSH...0!p.p;g4....B..94.......cC./LR)J.bu.z..-5..Jp..eyc1...}hN.N.,...4%..M2X.<SB`..L..X..D....s...........).........U....r.AI.".4..#.....J...!.h...QA?...^).p....v.5.<..........$.R..1.A+....p.....G93.@.C)=..h(....!....@.....j7.\|..x.d..RsHj..y..<..xa...4...(..!....3g.0.\|.@..F.s....:..K.S...X.=.0H=..v.4.!..H.94.c..>...1..........-t.?$

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AARlHk9[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	dropped
Size (bytes):	22187
Entropy (8bit):	7.823487910271174
Encrypted:	false
SSDEEP:	384:Iw64suNmj3MIjnMfqk1B7+laJrx3eNzi/x/l5w+QujCHNRTunP1KaU:Ij4JNmLxhoN+lXcnQueR2KaU
MD5:	8CFB07A50C5898ED84ECE2BEADAB2D66
SHA1:	FF0FD5B388DF586E4A376883F4A680D773C70B68
SHA-256:	C09DB064F815073A445A459FE4C5DC4AB14A9CF2F97B15AAC86D008E5FCFF490
SHA-512:	D383A52D1033DFA44793FFA150C5146210A3568BB381C2506574A5ADB14A25C498FD47F6DBD52FD0EC6656D11B22433B51B0696B291332B2D6BDDCD2480D92B9
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..jF.@....P1h......(.......@.@......P0..@......Z.(..a@.@....Z...P...@.........P..0.....-...P...Hi.m........Ce..Sr..9dA ..9.E...g.@(......$3.Q".E.9.;.$.Rf...........P.P.@.....P!TR-!..U...q8.#.\...d..f.@....P1h......(..........P.@.......(.h............(.h.UY..h)E.B36.4\j-..#!..&.-=GyO..8...bloC@r..'.....1.....@..-...(... .m..`...b.@..-"......6b.zR..+d.0.B(...Zw2.H.Z....C..h.7..h;..z....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AARlo9i[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
Category:	dropped
Size (bytes):	2334
Entropy (8bit):	7.804787398990509
Encrypted:	false
SSDEEP:	48:QfAuETAj7/rkdbUMIDJa/N+qyNlgKJKA4RZ3J0OjCB:Qf7E2rkNUjJaV5iMAU1J0/
MD5:	19C0AE16B773955A968DBC2E02F78DD9
SHA1:	68B07436E87A31B07DD7F20B897AE14664F15733
SHA-256:	A9651BD954612BE62AD6732BA260774FC7585C5D28F3571BB67C352C6B641BF4
SHA-512:	E3673451A23795B2401D2C38D04BD8A186DBF420662D7E45C1EF57C5CA6451A3D887975CE981DD1012794B7E999173D98E0BBD483E552DB12F1B1DAF3F268317
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......K.d...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..=.?...Z......t>......I.3....+.V...a..../.7.....`.b....~t.d..:M>.b^..k.J.Lb....:.....4..~..5&...[U...M.3.....%s.p.@./s...o&....G.....E..M213....z...H.}.h....[...+s....4R.D.w.,.3.....p.!.I.......4.n.....:.E.A.\...-...n.T..Y>....!62...YB..y_>.).1M...Z}K...m...Gz..SW9.m4Ir.W.<......@.. K{.3.......5.....q.....`t.+...n2F:....Qq..$`....U.6ZE$...U%G.B..:.S6.#..s@....px<`

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AARm3dD[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	dropped
Size (bytes):	18768
Entropy (8bit):	7.946351991554511
Encrypted:	false
SSDEEP:	384:N9dBDM+huIyOVS2VHyECNc0w4Cmfd4iaIPJEVK5z/L7p18j2cR1x:NC+UIyOM2VHyq4PraIxF5zPn82cZ
MD5:	79279F721FF8C74B10CA43E0F5336FBE
SHA1:	4C192F0EB63A397CD78CE973227072C966909FDF
SHA-256:	A1263575D520458E7F3D81C40E5344710036B3F1BED1AB0356E3FAAE8C99A650
SHA-512:	6B3A1DC1366279034EB3B239517179B439B2BA525A089BD9EB7E5ED97BF2CCB2350CACD2BDF7EF150DBAFB4BA19048B98967BF13AFDEF49E372BDD0C5E8B13DD
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...N..+...L%;...8.].E.{.....s.%szJ..8...!...[^..-vFG3E.e.>\.N.OB{..$..K`[.-%...c...5...PV..H....(......#....9N~...<.@#.h.h......).P.L.....r.Z..y.T..<..VoY"..C.h.\|..{y...V....k_@.V%,p....zT....liV.....J.(.(...S.).X..0T......J..$...2.NQ..Xz5r.z..h$..o.LF..:...D.....?..Q....H....WW...+zuS..t.W..Ny....q..Mh..+...7kC~.....9.~...Z.(........E....n......(.....B.S.....R........?.5..-.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AARm6r5[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3
Category:	dropped
Size (bytes):	17703
Entropy (8bit):	7.948335335138899
Encrypted:	false
SSDEEP:	384:+qOQvDg5PuGI2FJ+7euVXqjJFBloj5XNk+Y565p/oq6bLOHA6rz7FRT:+7eGIS+7euV6jJFBe9XmZ56noq4fozBV
MD5:	AF8B89FA03344C236767C0FED93A3635
SHA1:	8CEAF3DA8CB0994F5F54BEC5A09C6408C459ED82
SHA-256:	06EFB97DCE1ADE37742C16ED656371F172BC549D752B1EE301411E08E508ED0A
SHA-512:	42AC09528A1C9FD541F34CC7F58ECA9281ED536EC5FCA9E3484A9B47BEDCE45611C6E2845EDD42042146CBBE9FE2D44201AC71CD62A20344216E3048E6645D0C
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........,...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.~.&...B.<Do...Z.,;.T..K..Z'y@..,[eI.%s.<f...9..RS..#uC..R...7v..,F.y..gQlt...!.....Rd..E.........+...iI.Sh.Y......5......Ex.....gfYf....M.Q.I.6...C5!...0....l...'B6dzVmZEKb..~D..o...D..L.I.+..m+...uf>.v./n....._..z.R4J.Uv...5pVD..M.,m..N+H...5d.t6.Kx..X...4..:~#.qEy...r0.rm=.v....<.;..8..z...:#.".{.......OK..........y5.jRz...Sp.{V..c).YF...]......g....M...D.H..z.^.D7....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AARmt9G[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3
Category:	dropped
Size (bytes):	10526
Entropy (8bit):	7.927345671317898
Encrypted:	false
SSDEEP:	192:QtHL+Dun0sH2/rauOIAzigvbHdvNKh5crngQ04ArL5UEEIsKIbZNHg:+S2pWgIAFRvNeUgQ9C5UEEBtHg
MD5:	076B1B6F3B46740679FA703FE7EDF5E6
SHA1:	A961FF54B4D6A170FA42366CA3F79DCC9DB55763
SHA-256:	7EC4C91055D6BF21250D3754A2E7ACC1BCCF7B61215D218F10078E2DC4F22A67
SHA-512:	77C447AFB5049BF02F8CA136840307AB618DBEB584123AF98C2FBA597C2E902789A74F0451BB00EF891E87EF19A84F9F6557CD2747E5329264DEB600F42CE712
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........,...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..H....d...........V.C.^......Q`5t.<..@.RDI.....ac.Qd..]...,4.V4.P.)...4...ld..#a..A.gW7..hp..O0.{W...p.1T4..2M....3.W.CK...e.@..%..a..)#<T9....[.....)....G.!a..0......,ZD......%....:.!.X.Y.B6n.A..1.m.Y.n.ap...#..E.L.=&.-..PM4....B.,.Kc..Y..f..#.cB.:.E2........L.".B...`.qL......zSBn..z..`.(...........qJ .2.Cv..x.eD.Sr..).,.y...i.3...m.Fh..W# ..J.g...[.j.lJz..q..h.....l.w.m

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AARmvNW[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
Category:	dropped
Size (bytes):	2881
Entropy (8bit):	7.85955245042214
Encrypted:	false
SSDEEP:	48:QfAuETAv+2XacTEbp8Cq7KtgO8BzwAtFhp3cGByPBPOKrkNbUTol:Qf7ET2q0EbHtvYMKCYykz
MD5:	C51479837063AC740FF33D4EDCF910B6
SHA1:	5144AA2ABC2DE143AFECC36C06F3E1AFF408B4B8
SHA-256:	B11870B80969AD463F4BA768F5D84636A309F7E96E2D3C76CDE5FBA38C5E7A80
SHA-512:	05297A6F040C6323CBBDE63255B255812631785488811AE40D26316059166B7677385BEEDC122AC4738EF6B9E6755E449BBC87C9B6CDADFFF049502AB2843044
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......K.d...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.ez..............zVu...)+.......VI{u4.H.@..q.5...,i.i...[^.J.....,..i.3..m.Y.d[X4..DHky...x...RLM.y..+q.i......<...t.x...F..Fk.....-.:....@...j.Az.......e.3j..W3.V...~....m...v.'.=My.i....m...'8.K.4Td.6..."E.O..hRL%I.w....Z....=s...<.en.5znQ..t..p.LA@..,p......(..A5...ea.2N.N=..\\.a.;0P...^..MS.SIm..1..2"..n...+..l..".1.Sb\|...1`?:-sH.h.G.SJf.....q?..ObZ...8........(.mK.E...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\BB1cEP3G[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1088
Entropy (8bit):	7.81915680849984
Encrypted:	false
SSDEEP:	24:FCGPRm4XxHvhNBb6W3bc763IU6+peaq90IUkiRPfoc:/pXBvkW3bc7k1FqWIUkSfB
MD5:	24F1589A12D948B741C2E5A0C4F19C2A
SHA1:	DC9BB00C5D063F25216CDABB77F5F01EA9F88325
SHA-256:	619910A3140A45391D7D3CB50EC4B48F0B0C8A76DC029576127648C4BD4B128C
SHA-512:	5D7A17B05E1FD1BC02823EC2719D30BC27A9FA03BCFFE30F3419990E440845842F18797C9071C037417776641AB2CDB86F1F6CD790D70481B3F863451D3249EE
Malicious:	false
Preview:	.PNG........IHDR................U....pHYs..........+......IDATx...]..U.....d..6YwW(.UV\.v.>.>..`.K}X).i..Tj...C..RD. ..AEXP.............]).vQ../$.%.l2.....dH&.YiOr93.....~..u.S...5........J.&..;.JN..z....2..;q.4..I .....c!....2;J........l(......?.m+......V...g3.0..............C..GB.$..M.....jl.M..~6?.........../a%...;....E.by.J..1.$...".&.DX..W..jh.....=...aK...[.#....].. ....:Q....X.........uk.6.0...e7..RZ..@@H..k........#......[..C.-.AbC.fK.(a.<.^p.j`...._>{<....`.........%.L...q.G...).2oc{....vQ...N5..%m-ky19..F.S....&..../..F......y.(.8.1..>?Zr......Q.`.e.\|0.&m.E....=[aN..r.+....2B/f8.v..n...N..=........i.^....s&..Hr.z.....M......:........EF.....0.. .N.x............N.pO.#2...df=...Fa..B#2yU....O.;.g....b.}ct.&.7x..t.Y..yg....]..){.,.v.F.e.ZF.z..Ur+..^..].#.]....~..}..{g.W0?....&....6n....p\.=.]..X...F.]...\s5OK.3Wb.#.M/fT...:^.M}...:t.......!..g......0t.h..8..4cB....px..............1.!...}=...Qb$W.*..."............V....!.y......<H

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\BB1ftEY0[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	497
Entropy (8bit):	7.316910976448212
Encrypted:	false
SSDEEP:	12:6v/7YEtTvpTjO7q/cW7Xt3T4kL+JxK0ew3Jw61:rEtTRTj/XtjNSJMkJw61
MD5:	7FBE5C45678D25895F86E36149E83534
SHA1:	173D85747B8724B1C78ABB8223542C2D741F77A9
SHA-256:	9E32BF7E8805F283D02E5976C2894072AC37687E3C7090552529C9F8EF4DB7C6
SHA-512:	E9DE94C6F18C3E013AB0FF1D3FF318F4111BAF2F4B6645F1E90E5433689B9AE522AE3A899975EAA0AECA14A7D042F6DF1A265BA8BC4B7F73847B585E3C12C262
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx....N.A..=.....bC...RR..`'......v.{:.^..... ."1.2....P..p.....nA......o.....1...N4.9.>..8....g.,...\|."...nL.#..vQ.......C.D8.D.0.DR)....kl..\|.......m...T..=.tz...E..y..... ..S.i>O.x.l4p~w......{...U..S....w<.;.A3...R..F..S1..j..%...1.\|.3.mG..... f+.,x....5.e..]lz...).1W..Y(..L`.J...xx.y{..\. ...L..D..\N........g..W...}w:.......@].j._$.LB.U..w'..S......R..:.^..[\.^@....j...t...?..<.............M..r..h....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\BB1kKVy[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	898
Entropy (8bit):	7.694927757951535
Encrypted:	false
SSDEEP:	24:AoSFwQNh8iuQ/HM5V7Wp7Cxf2aA5DbK1cbr:AoUNhtuQE59WpWx+a6Pl
MD5:	2FAD21634CA0EC2AEF0D32E72748CCFB
SHA1:	4D4727E108164985D0722A32035F58FA0BDAD19E
SHA-256:	A8FD087BD67E5CEBC1B90AB2E4DD94847B947B849EEBDE4E816DF54ABE66C589
SHA-512:	30D075B21AB5891C2FB8684DE64F784F0F65784307C36076ADB745131C0E9CABE89DFC5C74BC9BBF210620D1A525E9FAC1626BBB35B49946955C609378D3B185
Malicious:	false
Preview:	.PNG........IHDR.............;0......pHYs..........+.....4IDATx..]H.Q.....6.u!.t..)MQ'.e..S2e.Md^...F....cB.0...J..B.0..(J.4P.#J..A.................\|<.s...I.?.&...^p..w$....Q;...P..).G....n@0.........D.z=p..E...j......Z..E..Z$..;./....=RpR......z..'..)8'$si..(....!.]!..0...CVmH.Xp(...#..0Y.....&...t.b.`..3....P..._"...9....z.&''{;::../.......SoB...61].8..77..df......d..........KMMM....k..."?...w......$....Q?m..$..=/.w.Juw..xOnn.?...j5...+].W..bI.....?.v..bU......!.)..,w.>.sR.=.7[;...q.._...K..._.U...........\|.....P........[.}.;.o.{Ui....>.O...X..b1.........l{{.{~6.b...x..j....rS"...a/,4h....H.P...p.H.....}h4.2..E....0..fg.V.>..+....2D..D...j...d2-A1..R)sk..\^^..t:...lnll.s8..A`>.6.%.O..f...{`4.5II..4?S.g..j....!V..`....F.IK.B.v.rm...n........l@.T.c.9......C6...H8)....,.`.\.....0666.9*h.....?............j.>.8STl..G...t..P..6.....eO.......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\BBH3Kvo[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	579
Entropy (8bit):	7.468727026221326
Encrypted:	false
SSDEEP:	12:6v/7ziAVG8tUZ8VveAL8S6mbRRkeYZ2GlguM+7Kf03NE3Emns6F9:uisI8x5L8ub7keYZ2GlLsMi06F9
MD5:	FDC96E25125ACA9FAA9328286DF59A3C
SHA1:	AE96A116A24EC53C3D1E2F386435F6CE6B6B6F08
SHA-256:	201E3277C624BCFDAF85CA20EE8BA8A22D8D3BFF44FDAD41FC23CB07AE0E9A40
SHA-512:	98591D2D6F7C0DF27DDE63572C3751974323B6A34CCE14845D418E32E17177DF27F612CDBD9F44B24AFC5C259CEE37CBCD08DDA0DB9A81434169DE9BB2CD8D24
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx..S=..A.=.....U$..I.Z.b.HlR........)B.;..i^....Im..(ba'b.I._...*..y..vy.G...{.g...........P.c.Y..P..(..uv=....\|VF....$.I..n....@..E.....t.+@.RA>..b.@0...w1...\...d...F...H..B.......V<.n6..R)..f..$..L.S8.Nd2...s...qD.Q.F#,.K.j..R...\...P..n..a.F..b.~........E6.....:..'.n.0.F..~..\|.....x........`0.J....>..UD?..__.`D...7x.....jK@.....x...m..\....O`y)C.'j.\..~..G..I`..........Z)'a.d..&$IB.\...UI.d......x...P(.p8.2........w@.5..n..j.aT#...........Y..5VB....f..;..f8..-...w...a......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\a8a064[2].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 28 x 28
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	7.019403238999426
Encrypted:	false
SSDEEP:	384:g2SEiHys4AeP/6ygbkUZp72i+ccys4AeP/6ygbkUZaoGBm:g2Tjs4Ae36kOpqi+c/s4Ae36kOaoGm
MD5:	3CC1C4952C8DC47B76BE62DC076CE3EB
SHA1:	65F5CE29BBC6E0C07C6FEC9B96884E38A14A5979
SHA-256:	10E48837F429E208A5714D7290A44CD704DD08BF4690F1ABA93C318A30C802D9
SHA-512:	5CC1E6F9DACA9CEAB56BD2ECEEB7A523272A664FE8EE4BB0ADA5AF983BA98DBA8ECF3848390DF65DA929A954AC211FF87CE4DBFDC11F5DF0C6E3FEA8A5740EF7
Malicious:	false
Preview:	GIF89a.......dbd...........lnl.........trt..................!..NETSCAPE2.0.....!.......,..........+..I..8...`(.di.h..l.p,..(.........5H.....!.......,.........dbd...........lnl......dfd....................../..I..8...`(.di.h..l..e.....Q... ..-.3...r...!.......,.........dbd..............tvt...........................*P.I..8...`(.di.h.v.....A<.. ......pH,.A..!.......,.........dbd........\|~\|......trt...ljl.........dfd......................................................B`%.di.h..l.p,.t]S......^..hD..F. .L..tJ.Z..l.080y..ag+...b.H...!.......,.........dbd.............ljl.............dfd........lnl..............................................B.$.di.h..l.p.'J#............9..Eq.l:..tJ......E.B...#.....N...!.......,.........dbd...........tvt.....ljl.......dfd.........\|~\|.............................................D.$.di.h..l.NC.....C...0..)Q..t...L:..tJ.....T..%...@.UH...z.n.....!.......,.........dbd..............lnl.........ljl......dfd...........trt...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\checksync[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	204
Entropy (8bit):	4.753212018409155
Encrypted:	false
SSDEEP:	6:ljggS5oc/bLiuggS5oc/bLiuggS5oc/bL7:+DpxgDpxgDp7
MD5:	AA0EC763639C9094D9BE1B0D491AC65A
SHA1:	9A0E137BD9EB21908016360FBB2DAD6AED37CAE4
SHA-256:	4D2671D4C5D04438C3447C787ADF222D33AB22C91222ABB1B5524ED586B42C01
SHA-512:	9A812C4C097D864E757CE84D98542EA239150D61184E2BF1BB62EB9E97F8730ADBB96D00F95B0386FC4B93E82347450ADE2A77E5B495708C0438C7DCF5BCEF81
Malicious:	false
Preview:	Connection failed: SQLSTATE[HY000] [2006] MySQL server has gone awayConnection failed: SQLSTATE[HY000] [2006] MySQL server has gone awayConnection failed: SQLSTATE[HY000] [2006] MySQL server has gone away

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\de-ch[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	79097
Entropy (8bit):	5.337866393801766
Encrypted:	false
SSDEEP:	768:olAy9XsiItnuy5zIux1whjCU7kJB1C54AYtiQzNEJEWlCgP5HVN/QZYUmftKCB:olLEJxa4CmdiuWlDxHga7B
MD5:	408DDD452219F77E388108945DE7D0FE
SHA1:	C34BAE1E2EBD5867CB735A5C9573E08C4787E8E7
SHA-256:	197C124AD4B7DD42D6628B9BEFD54226CCDCD631ECFAEE6FB857195835F3B385
SHA-512:	17B4CF649A4EAE86A6A38ABA535CAF0AEFB318D06765729053FDE4CD2EFEE7C13097286D0B8595435D0EB62EF09182A9A10CFEE2E71B72B74A6566A2697EAB1B
Malicious:	false
Preview:	{"DomainData":{"pclifeSpanYr":"Year","pclifeSpanYrs":"Years","pclifeSpanSecs":"A few seconds","pclifeSpanWk":"Week","pclifeSpanWks":"Weeks","cctId":"55a804ab-e5c6-4b97-9319-86263d365d28","MainText":"Ihre Privatsph.re","MainInfoText":"Wir verarbeiten Ihre Daten, um Inhalte oder Anzeigen bereitzustellen, und analysieren die Bereitstellung solcher Inhalte oder Anzeigen, um Erkenntnisse .ber unsere Website zu gewinnen. Wir geben diese Informationen auf der Grundlage einer Einwilligung und eines berechtigten Interesses an unsere Partner weiter. Sie k.nnen Ihr Recht auf Einwilligung oder Widerspruch gegen ein berechtigtes Interesse aus.ben, und zwar auf der Grundlage eines der folgenden bestimmten Zwecke oder auf Partnerebene .ber den Link unter jedem Zweck. Diese Entscheidungen werden an unsere Anbieter, die am Transparency and Consent Framework teilnehmen, signalisiert.","AboutText":"Weitere Informationen","AboutCookiesText":"Ihre Privatsph.re","ConfirmText":"Alle zulassen","AllowAll

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\e151e5[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	43
Entropy (8bit):	3.122191481864228
Encrypted:	false
SSDEEP:	3:CUTxls/1h/:7lU/
MD5:	F8614595FBA50D96389708A4135776E4
SHA1:	D456164972B508172CEE9D1CC06D1EA35CA15C21
SHA-256:	7122DE322879A654121EA250AEAC94BD9993F914909F786C98988ADBD0A25D5D
SHA-512:	299A7712B27C726C681E42A8246F8116205133DBE15D549F8419049DF3FCFDAB143E9A29212A2615F73E31A1EF34D1F6CE0EC093ECEAD037083FA40A075819D2
Malicious:	false
Preview:	GIF89a.............!.......,...........D..;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\iab2Data[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	271194
Entropy (8bit):	5.144309124586737
Encrypted:	false
SSDEEP:	1536:l3JqIHQCSq23YILFMPpWje+KULpfqjI9zT:hqCSVyIeiijq
MD5:	69E873EC1DB1AA38922F46E435785B61
SHA1:	0E17DD5D16C19D40847AEEEC9AF898BB7F228801
SHA-256:	D90C45999873C12E05B6A850C7C5473E1CB3DA9BD087DB5F038F56ABD65F108C
SHA-512:	27F403FDC906C317F4023735B29ABB090867CAA41103CE2FD19E487323EBEE15884DF10A353741C218BB83C748464BE3D75459F5D086FDE983DB85FC86ADA4D4
Malicious:	false
Preview:	{"gvlSpecificationVersion":2,"tcfPolicyVersion":2,"features":{"1":{"descriptionLegal":"Vendors can:\n* Combine data obtained offline with data collected online in support of one or more Purposes or Special Purposes.","id":1,"name":"Match and combine offline data sources","description":"Data from offline data sources can be combined with your online activity in support of one or more purposes"},"2":{"descriptionLegal":"Vendors can:\n* Deterministically determine that two or more devices belong to the same user or household\n* Probabilistically determine that two or more devices belong to the same user or household\n* Actively scan device characteristics for identification for probabilistic identification if users have allowed vendors to actively scan device characteristics for identification (Special Feature 2)","id":2,"name":"Link different devices","description":"Different devices can be determined as belonging to you or your household in support of one or more of purposes."},"3":{"de

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\nrrV52461[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	91348
Entropy (8bit):	5.423638505240867
Encrypted:	false
SSDEEP:	1536:uEuukXGs7ui3gn7qeOdillEx5Q3YzuCp9oZuvby3TdXPH6viqQDnjs2i:aKiw0di378uQMfHgjV
MD5:	9C4A60B2332E94D3BFF324BD8DF61A31
SHA1:	6245D60C273E175D3EC798CE8ABB65AD75F24E09
SHA-256:	8C38115211EB4E291CE6F38629C8AEE0F882EBED06B66F3DB3D6587C1EBDF52F
SHA-512:	31830D8DE79206C5C5B178DBC798D3A2AF597BA14D9075EE25CC82B096083B180B0B41CB5DC24640AC2A8329575102A3D724DA1F4307DDFB57DBC5C64A873817
Malicious:	false
Preview:	var _mNRequire,_mNDefine;!function(){"use strict";var c={},u={};function a(e){return"function"==typeof e}_mNRequire=function e(t,r){var n,i,o=[];for(i in t)t.hasOwnProperty(i)&&("object"!=typeof(n=t[i])&&void 0!==n?(void 0!==c[n]\|\|(c[n]=e(u[n].deps,u[n].callback)),o.push(c[n])):o.push(n));return a(r)?r.apply(this,o):o},_mNDefine=function(e,t,r){if(a(t)&&(r=t,t=[]),void 0===(n=e)\|\|""===n\|\|null===n\|\|(n=t,"[object Array]"!==Object.prototype.toString.call(n))\|\|!a(r))return!1;var n;u[e]={deps:t,callback:r}}}();_mNDefine("modulefactory",[],function(){"use strict";var r={},e={},o={},i={},t={},n={},a={},d={},c={},l={};function g(r){var e=!0,o={};try{o=_mNRequire([r])[0]}catch(r){e=!1}return o.isResolved=function(){return e},o}return r=g("conversionpixelcontroller"),e=g("browserhinter"),o=g("kwdClickTargetModifier"),i=g("hover"),t=g("mraidDelayedLogging"),n=g("macrokeywords"),a=g("tcfdatamanager"),d=g("l3-reporting-observer-adapter"),c=g("editorial_blocking"),l=g("debuglogs"),{conversionPixelCo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\otTCF-ie[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	103536
Entropy (8bit):	5.315961772640951
Encrypted:	false
SSDEEP:	768:nq79kuJrnt6JjU7cVbkhS/G+FBlTjmSmjCRp0QRaPXJHJVhXKNTUCL29kJlXYoXY:49jht4bbkAOCRpl6TVgTUCLBX10UU/px
MD5:	6E60674C04FFF923CE6E30A0CD4B1A04
SHA1:	D77ED2B9FA6DD82C7A5F740777CC38858D9CBDDD
SHA-256:	48221F1DE0F509D6C365D9F4BA1D7DB8619E01C6BC4AC8462536836E582CDC66
SHA-512:	62F5068BDEDBA361DAD0B50B66F617A2A964B9D3DB748BF9DE29C4F6307B1891AF9A4D384F3CEB25C77B62D245F338D967084301391A41BAB9772E2632B36B96
Malicious:	false
Preview:	var otTCF=function(e){"use strict";var c="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};function t(e){return e&&e.__esModule&&Object.prototype.hasOwnProperty.call(e,"default")?e.default:e}function n(e,t){return e(t={exports:{}},t.exports),t.exports}function r(e){return e&&e.Math==Math&&e}function p(e){try{return!!e()}catch(e){return!0}}function E(e,t){return{enumerable:!(1&e),configurable:!(2&e),writable:!(4&e),value:t}}function o(e){return I.call(e).slice(8,-1)}function u(e){if(null==e)throw TypeError("Can't call method on "+e);return e}function l(e){return L(u(e))}function f(e){return"object"==typeof e?null!==e:"function"==typeof e}function i(e,t){if(!f(e))return e;var n,r;if(t&&"function"==typeof(n=e.toString)&&!f(r=n.call(e)))return r;if("function"==typeof(n=e.valueOf)&&!f(r=n.call(e)))return r;if(!t&&"function"==typeof(n=e.toString)&&!f(r=n.call(e)))return r;throw TypeError("Can't convert object to primitive value")}function y(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AAKp8YX[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	497
Entropy (8bit):	7.3622228747283405
Encrypted:	false
SSDEEP:	12:6v/7YBQ24PosfCOy6itR+xmWHsdAmbDw/9uTomxQK:rBQ24LqOyJtR+xTHs+jUx9
MD5:	CD651A0EDF20BE87F85DB1216A6D96E5
SHA1:	A8C281820E066796DA45E78CE43C5DD17802869C
SHA-256:	F1C5921D7FF944FB34B4864249A32142F97C29F181E068A919C4D67D89B90475
SHA-512:	9E9400B2475A7BA32D538912C11A658C27E3105D40E0DE023CA8046656BD62DDB7435F8CB667F453248ADDCB237DAEAA94F99CA2D44C35F8BB085F3E005929BD
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx..S=K.A.}{...3E..X.....`..S.A.k.l......X..g.FTD,....&D...3........^..of......B....d.....,.....P...#.P.....Y.~...8:..k..`.(.!1?......]*.E.'.$.A&A.F..._~.l....L<7A{G.....W.(.Eei..1rq....K....c.@.d..zG..\|.?.B.)....`.T+.4...X..P...V .^....1..../.6.z.L.`...d.\|t...;.pm..X...P]..4...{..Y.3.no(....<..\I...7T.........U..G..,.a..N..b.t..vwH#..qZ.f5;.K.C.f^L..Z..e`...lxW.....f...?..qZ....F.....>.t....e[.L...o..3.qX........IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AAPwesU[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	777
Entropy (8bit):	7.6388112692970775
Encrypted:	false
SSDEEP:	24:+7lA8BoZmceXqKpNkTxSdmeGt0VLQT2NA2LTBixN:oVoZBn+aFQmFCV8r2L10
MD5:	A89DEB9BD9C12EE39216B4724EF24752
SHA1:	F3410A1069610A57CA068947F1A77F73B9B20FDA
SHA-256:	7438061CAC6A152A15BD67057926404DB423936B22635A1902B0BF54C4B14464
SHA-512:	4065BD6D0C141DF2AB3C4CF0AE2C0D87530363EC2CAFCF47493F8CA69025C8613B2B77065924F49AFE4C810A7D6DDD14DFCB3E69274EC7D167382D24806F70B7
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx.e.{L.q..?.s.]uq.H..)QV.J......56.f.l..iXn..0.[6L.%L.ki.,.)V1b.J.SgrKg....9o....{....~..s..1.z........J.44w1..Y.7;..c>.W..u.O..d..vE.[2.9_....pN.].......J......].D.....Q@g.w.[.q.mC.b..b.,..s.O^~$5..oK3qq.%9&.....{PK...kf..S..d..%.....[....).fSb(!....Q..C.;k.....-.;Ab6E..0...Nb....,.C...A...IG...5.&Q.......5....J.......LC.._.}..VA.....rJ....h..&.LDQP.cA.'..3qsu.d2">r...%1:.PA.k..c8Ak.W^..s ._/-.n=.~#VV#d...\............B.<.{..Q...}.{k..._.E.B,..O.......b6...p......L.........>....m.j?.R..3.OP...g._.f6..?...._N...l..8......r..rhG....i.8%`.@........]...%*\|..........T?.k[u..`/6&.r.P2..k...ZG.._....I+.HX.....d..R..&...9.....be_&...y.\|".z)...lGv..a.....zE.\|..s....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AAQby46[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	363
Entropy (8bit):	7.158572738726479
Encrypted:	false
SSDEEP:	6:6v/lhPahmo4mUMeAcyo60p0DbmaEqs2WQ5xTJp8ub7rvz81qBI884CUq109LaP/U:6v/7N/Nqf0m/WqxHfq6IHhUuHU
MD5:	2F9F3CB5388BCD08347366720CE5D288
SHA1:	A39BAC27D57324389B7B65180D231A9030494616
SHA-256:	8E87ACBF78E18EEF07524A2EDB0100BBBF77213CC16227046411F1EEBB6727F4
SHA-512:	FC26F4E0B2B8FDDFEE5657C9425FF0F8C6E2CFF0B8144E3DA597DBA15CA28CE2B10113967B3DE61DD137C6AE384199A03974761A5382FEA93BE250EF9217C2FD
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx..1..@..?........i.."n.s.t....g.:..b...m..^AR..Z..M. l...d.........3........Z%}......Ox..z,.r...1.. ....!.Y.q8..}..p.jb.^s:.(....v.M.E..{..#....L..g0.p..H....p...J.M.m[..Z-.T.-.B...<..Z.l..)b.X0.....j.r.d2....0M.].a....3. ....a....L..76....EN...5T5}.......'..SZdb...g....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AARjTo7[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	dropped
Size (bytes):	19356
Entropy (8bit):	7.948589080765709
Encrypted:	false
SSDEEP:	384:NMaopAB0BYWomk1sj2+Y9+ei8azWV7BVDnVOcvfKuNqs8KmFE5bsDRkeuWTMrX0:NMP+xtNu2V9+rt+dVnVt3KuZ8dG5bsm8
MD5:	FF1D15E36A45BA83633203F3B7E2862A
SHA1:	5008B7735E8052005CE52C52C3DAFF40FAEB8F23
SHA-256:	860A18697195EA174D2B23E29AB5DA22F4B9D10616209F17AEE699E8F705FC3A
SHA-512:	6EC39298F2D7F078163472582ECCC8F99914DEBEF70A3D47BB5F05BB99A5FB0619DDAD71E24DA4F7822F3868FD1E213C1B27AAB020B6A28DE53CC70BD710DF3C
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...3g.....J.jC..,6.`M......k..h...............wc..........."6.. ...@..\|..M !.b....S.=...&...5.w<9....$G....Q{.CL..K...!.ce....!.w.:T.B...(..(_.p.J..7..R..K...3I....?..v.z.....r..\|......E....L......2%...Fi.j+W......a..\..bF.J....`-.k......03.W..g..1.....I....i.y....<.Tg9....10.0=h...=..2RU.....o..`L..3......cd#..",3..R..r..@.].2(.....`..+...........K.WQ.I.'.J.n\|..Z.Z..^

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AARl0hy[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
Category:	dropped
Size (bytes):	3256
Entropy (8bit):	7.8663108680757885
Encrypted:	false
SSDEEP:	48:QfAuETAN9spRjqf01fg9c1BYEo9Mx0F/bjc44qKCGCK1+sBUsKsXMiTkE+ON:Qf7EBjk2QcE+09444qKPTMsBUtu9xN
MD5:	A16117A702AA2CC7125970EA7171DB1E
SHA1:	9557FB5F76D277E72F18B2238E83B8DB03B13C80
SHA-256:	B21617317A24495B6DE7B6F7F63D76F6D04F57338A2F92A231B93FC194425CF4
SHA-512:	E48625587E710FFDB0F218DCDDF47CF38A658B215909B466F8C3B3713A44CE29A513FC8526A08756ADE6703D235AFE32CA2DBE63BD078AAC5F1E1E337A5F4FDA
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......K.d...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..]B;g.$m...SH...SW...~=.}.K.R..;i.h.....5i.\.;....I..E.....I^v......'<z.Q`.U.6C#.+?h.=.....p..YK.d.....7k.......w).h.....v\....l...E..]Y..V.6.y*.L.....4....[.!..t....n...Rk.{8v9}^"o.Q...q.v...,..wWV...9.sF.1....[.m......Q]..Q.?....n.y?Z.GG....rz.........B..../....LF`o).M.B.....F.lT.]..(..A..hwA..."....1.^f$...........$.c...q...j..N.%.=...MF..B...x..'..WE&..[..B~.Y.....F

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AARlJ4T[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
Category:	dropped
Size (bytes):	5803
Entropy (8bit):	7.760174772862359
Encrypted:	false
SSDEEP:	96:QfPEZqYfRLkxSMv2xALkOi62L40YjzQ6EeICCOXb5msxY9AYm1f1OLjj+Ygy:QnteRQEQ2aLkLpLpYQ8HCOrtYk1Orlx
MD5:	03E41B958B2CE9B85DF99739D9BFB1BD
SHA1:	94AD4724995A11494A4C451B22F64433A632244F
SHA-256:	9DB5B13FD53FDB6194508D8165FB4398E5C30056821F1F3BF05714C6AF002803
SHA-512:	0A45D3A5CDE8D0C2039A536A6CE91C832BFFC5859C484160B74DF353D1319AE2FEBD30135C565C500AD4E85295676630E10C371E42C8B8999A67897E3B15E37F
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........6...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..jJ9?.LG.;.3;0......i3.....4d.T..5Dh...i1!%..&...k...)..[....'...P...,.ay.8...T.uQ~.DrG.!..4K..[]..X..s..Z.!.l......J.R.....q...b.f0O...@..,ct..@.7c;b\.j.l.!.....2....L.".a.z.3....!.H.1..j.h..5..I.\.e.#.NEh.%...1.&....(z.V6..n....F...).XA...^5.5R&F.K.U...t.6j.,...-.-...P.@..-.....9?...N..c3.............v.8.....t.I..\....Sk...+Zi.).7~.`e...m4.6....ev....1.".E.}....q..(.n.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AARlMfv[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	dropped
Size (bytes):	7448
Entropy (8bit):	7.523123834449348
Encrypted:	false
SSDEEP:	192:Q2/VSRNE77hResniHAR0f98TCMcXg4xXKRVmv9jUP6RVEfH8Z:N/VSRM7/iHAR0fmCBTXwVmFbRqvi
MD5:	0EFC457805D9933D79528CBF37B6CF87
SHA1:	6A893F0CD657D76B1802882F8539C52DD005FAA0
SHA-256:	F0C6D41D0FB2C506180994702FD0A3E54864D77ED329170A2C0E54F8F527F986
SHA-512:	1B079B3C0E4E0F838B3F7AD6BC5744C5263C654C8DF044DEDD30C67BBDB3EB3C9A4A0920942D42DDBC46A004102C45D4808D04BB9725E1771C231102B3939A29
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....@.....(....p...A@.@.8....M.j\.Q .I../=...PA.....w.b..*FH.@....S...dg.Rd4>.!L...@.@..%.%.-...P...%.-...P.@..%.W.1h.h.E0.P!.....@.....@...+K.N.J..h...$.(.4...S@..J.....1....R@.zP.....{P..c......M..i......EZw!..@.........P.@....(.(......(....+.......LB..Q@.(...(.zP.i...J.3H..T.(...^....M0...3@...@[..0X..4!.v....C.9\|.....?(.@.}.$...m....8 ..2...D....4.P.P.@.....(......(...).Z.Q@..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AARlt06[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
Category:	dropped
Size (bytes):	2055
Entropy (8bit):	7.737309048781414
Encrypted:	false
SSDEEP:	48:QfAuETATOZXYbfiGBRwjR56tjU2peON9yCL1Hj5TkLmzf8R:Qf7EZEiGBGjb6nJHVwLmz+
MD5:	E36D48C9B814F0634087018C06CC9B22
SHA1:	B55C96D89E02F7CBEE7CC2731ABE30C73DE25B11
SHA-256:	B5AFC3D4C19BD12F278AF96F3CCC83F31F7B78A4679FED541368C67D3477156F
SHA-512:	E39BCB00B232CF416D948C4FED41201A064B88B5238C91BCB2EF1B225CCB49DEE10E11C08EC035A161A1E85529C4C0F4F89FEA77E27DFF9599130E39F2E51CC1
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......K.d...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..^.+..-#3...P..H..&N../cf...#..m..lq=.h.N.3.b..%......d.I..;z..A .:....p.......U.c..h.H...7vs...~m...3@.s`.u..n.T#$........i.P.FpQ.........q..%.:sUv..f.$.>....%g`.!h.....4...Y......6.........)\.H..x.X$Y#n.. ......P.P.)-..$7V..$}@.Eq=N...Y..$2J.V..i-......`L.;.j.'c...5.N....[.OqZx.....q. ...q^5.mI,Q.....W?.1R.h.>.....t...H.+.Ue{#..!.y....z.X...n..s..>.;.Nz.Qz.C...`..BP...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AARluon[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
Category:	dropped
Size (bytes):	10779
Entropy (8bit):	7.939187885825493
Encrypted:	false
SSDEEP:	192:QnoyuXFXlAZMX+FScbZNTpJSFKeg+OG14uYlSeR9olYsbqVu0Xj2:0onVsMuF59UFKepZYhjvXj2
MD5:	2FFFD594494C78F318CC351DF07DC03B
SHA1:	37628AEF2493DD8416FEB90CA0FFE49436B07A7F
SHA-256:	FE623CDC070C20588BFA3A26460A8C1749B9C1D3C7B51FED903764A52B6E97C5
SHA-512:	600B470023EBF559155CCCCD9409F018F5B31F8DE44A5A3419C5C8BDA2CD8CFF447BCBCD10D4876AC3BD9D927F4126BDBDA91F3E9E6A1E15CF370FC16B586365
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........6...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....m.."z...e..I..7...U....v&..R&X.....zLd.. ln?.+.v.rFX....H./.a...z8?CW....}>9.H.....C...E..#d...%rpG..Rb/..ih.3C...Rx..\|.J....}8.C...]O...kc..3..'...~t....kY....:...8...(.9.h....W.U..l.'..ey..V....o.....}z.(.W..x.$J`..P..@..@..@..18..P..W...q.&.....r.EH.a@...d,.....B.@.....-...ZD...W+..w^.......6.....M../..d...>..~..,.*M....7..&..H.~S.9.3F.P#f1...ek./sn......fK.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AARm0KA[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	dropped
Size (bytes):	11354
Entropy (8bit):	7.8268113059951805
Encrypted:	false
SSDEEP:	192:Q2B4m3VCxzol0Y6kvVscOTDBYgq3cmvgJk9otEulVDEfP3bvcklu0W:NBZtGHk9srXBY1Y69otEUVAfP3bw3
MD5:	E5E77739AB15FD9F2FD5F6CB7291679B
SHA1:	E6DDB01B76F08F4DE66987FE684FD97035F3E76A
SHA-256:	7A58AA74472C82670FFB68F862378376B3DF5B3FC83DB2094B254595AE2890A2
SHA-512:	409D424364D532368B0BA2323362C6F9431DFFEC7927445AA699257A38C07BE50F0B6AD0BD1E8BF50D6534FD3FE5E5997A626916130CEAFD7A5CADA0DCEDC8B8
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...@-...P.R....P.)..@...Z.Z`....B(.....!.P.M.%.....P.(....0.....b..4..H....(...8.`.(.qL.S.....(.).P1(.4......:....L....!.....@.4..@.@.4.(.P.(.E...)..h....mU$.P2O.K.epW. .[)c]..RN....(..-.B..wt..4....r)..P...P)..(..i....i.J@-.-!.@.............Z.(.h.........H...@.....Bb........q@....du....p.9.+.#N-.I.$HY...;Qq....9:1qo#..q.....5...0e......a@...q.)....e.H..+...N......#.f....1.a..@n...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\BB1gyTJJ[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	dropped
Size (bytes):	28511
Entropy (8bit):	7.874084579228965
Encrypted:	false
SSDEEP:	768:IdcJzEVd5QwJjGbC3WOQlHASZt8AiNw4zkb5Aj:IA0d535qCmOQlHASEpw8ki
MD5:	4DF8DD6D0F07C93CF4BDAB709C312993
SHA1:	3D7987EF7E126936328E337FD3A8E06485C4BB2F
SHA-256:	CF09AC32AAE02628FDF2FBDFC551BC13E68F2B3365E4EF52B36B35825624BFBD
SHA-512:	7BC4F8719307F5F05E86AEE0EDDAFA947CD9379036148A311A857A134E955AA228E5094410E4B9FF01047B093EE8FD953E47FAD819BA310466F3864CC9F16A13
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..8.W.<.fd ...\|G..1.A...d..f....=.o.M.$Y. ..E.<...\..w."....Q.(.......n..~[2.........m.uCc.A31.u..h...s...&J.......8.zP.{.q..K).g.?(..Z..)K)$...:......=0i.y.......i..w..n...._p,S8_j.....U.j.oA.....NZ..(c. {..........<..>J...ZB.UYK1.....A.G.@...8<Re#:.DKb.~~....30..T...*.#..L...y...v...(.'...1.zt.....`7......P....@.y.W.w..7U.F.O.jJE{..c........@..-..P!.`..J`........q@..Rw....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\BB7gRE[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	501
Entropy (8bit):	7.3374462687222906
Encrypted:	false
SSDEEP:	12:6v/71zYhg8gNX8GA3PhV8xJy4eOsEfOZbLjz:u8O9A/hSJ9lfkbb
MD5:	1FCA95AEED29D3219D0A53A78A041312
SHA1:	5A4661CCF1E9F6581F71FC429E599D81B8895297
SHA-256:	4B0F37A05AB882DA679792D483B105FDD820639C390FC7636676424ECFD418B9
SHA-512:	7E02CEB4A6F91B2D718712E37255F54DA180FA83008E0CE37080DADFE8B4D0D50BC0EA8657B87003D9BAD10FA5581DBB8C1C64D267B6C435DA48CBED3366CDEA
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx..RKN.A.}... ...e1(."le.....F\...@.."...\|... ..ld.$.(.`..V.0].ghK....]SS...J.I.<@.O.{..........:WB8~....}Hr...P.....`l.N...N.....Z...'.3..;....3.B-....i...L........b..{... ..Q.... ........L...=.d....n.....&.!..O....W1..."....gm5x....[.C.9^Q.BC.....O...../.(...\|.~.0hv..S..7.....YBn..B..o.T<.........\|.g&....U.....gm.. .....U..,.u..)\$.lN.w]Rm.......OZ.h.......zn.~...A.uy........,..........3(..........z<....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\checksync[3].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	204
Entropy (8bit):	4.753212018409155
Encrypted:	false
SSDEEP:	6:ljggS5oc/bLiuggS5oc/bLiuggS5oc/bL7:+DpxgDpxgDp7
MD5:	AA0EC763639C9094D9BE1B0D491AC65A
SHA1:	9A0E137BD9EB21908016360FBB2DAD6AED37CAE4
SHA-256:	4D2671D4C5D04438C3447C787ADF222D33AB22C91222ABB1B5524ED586B42C01
SHA-512:	9A812C4C097D864E757CE84D98542EA239150D61184E2BF1BB62EB9E97F8730ADBB96D00F95B0386FC4B93E82347450ADE2A77E5B495708C0438C7DCF5BCEF81
Malicious:	false
Preview:	Connection failed: SQLSTATE[HY000] [2006] MySQL server has gone awayConnection failed: SQLSTATE[HY000] [2006] MySQL server has gone awayConnection failed: SQLSTATE[HY000] [2006] MySQL server has gone away

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\checksync[4].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	204
Entropy (8bit):	4.753212018409155
Encrypted:	false
SSDEEP:	6:ljggS5oc/bLiuggS5oc/bLiuggS5oc/bL7:+DpxgDpxgDp7
MD5:	AA0EC763639C9094D9BE1B0D491AC65A
SHA1:	9A0E137BD9EB21908016360FBB2DAD6AED37CAE4
SHA-256:	4D2671D4C5D04438C3447C787ADF222D33AB22C91222ABB1B5524ED586B42C01
SHA-512:	9A812C4C097D864E757CE84D98542EA239150D61184E2BF1BB62EB9E97F8730ADBB96D00F95B0386FC4B93E82347450ADE2A77E5B495708C0438C7DCF5BCEF81
Malicious:	false
Preview:	Connection failed: SQLSTATE[HY000] [2006] MySQL server has gone awayConnection failed: SQLSTATE[HY000] [2006] MySQL server has gone awayConnection failed: SQLSTATE[HY000] [2006] MySQL server has gone away

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\checksync[5].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	204
Entropy (8bit):	4.753212018409155
Encrypted:	false
SSDEEP:	6:ljggS5oc/bLiuggS5oc/bLiuggS5oc/bL7:+DpxgDpxgDp7
MD5:	AA0EC763639C9094D9BE1B0D491AC65A
SHA1:	9A0E137BD9EB21908016360FBB2DAD6AED37CAE4
SHA-256:	4D2671D4C5D04438C3447C787ADF222D33AB22C91222ABB1B5524ED586B42C01
SHA-512:	9A812C4C097D864E757CE84D98542EA239150D61184E2BF1BB62EB9E97F8730ADBB96D00F95B0386FC4B93E82347450ADE2A77E5B495708C0438C7DCF5BCEF81
Malicious:	false
Preview:	Connection failed: SQLSTATE[HY000] [2006] MySQL server has gone awayConnection failed: SQLSTATE[HY000] [2006] MySQL server has gone awayConnection failed: SQLSTATE[HY000] [2006] MySQL server has gone away

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\medianet[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	412168
Entropy (8bit):	5.486628897915568
Encrypted:	false
SSDEEP:	6144:zCGkYqP1vG2jnmuynGJ8nKM03VCuPbDX9cJBprymD:81vFjKnGJ8KMGxTGrymD
MD5:	369D61EF6285C70F2636B0962611E12F
SHA1:	AAD44C8A03F7A151C0C748DB562647CC68978B6B
SHA-256:	C825235692887C41D74901FA744DD6EE61AF7B9FA017C35173FF2FF7D89EBA52
SHA-512:	A2F376D46A12A9673DC2E9E72CDB4333C6660FD8F82A9A6ECAD0DC8E340E1AE853CD5F23519A4F967F6C75C30DA6648A80C4E242211D4429EEAAC031A8DB8E95
Malicious:	false
Preview:	<html>.<head></head>.<body style="margin: 0px; padding: 0px; background-color: transparent;">.<script language="javascript" type="text/javascript">window.mnjs=window.mnjs\|\|{},window.mnjs.ERP=window.mnjs.ERP\|\|function(){"use strict";for(var l="",s="",c="",f={},u=encodeURIComponent(navigator.userAgent),g=[],e=0;e<3;e++)g[e]=[];function d(e){void 0===e.logLevel&&(e={logLevel:3,errorVal:e}),3<=e.logLevel&&g[e.logLevel-1].push(e)}function n(){var e=0;for(a=0;a<3;a++)e+=g[a].length;if(0!==e){for(var n,r=new Image,o=f.lurl\|\|"https://lg3-a.akamaihd.net/nerrping.php",t="",i=0,a=2;0<=a;a--){for(e=g[a].length,0;0<e;){if(n=1===a?g[a][0]:{logLevel:g[a][0].logLevel,errorVal:{name:g[a][0].errorVal.name,type:l,svr:s,servname:c,errId:g[a][0].errId,message:g[a][0].errorVal.message,line:g[a][0].errorVal.lineNumber,description:g[a][0].errorVal.description,stack:g[a][0].errorVal.stack}},n=n,!((n="object"!=typeof JSON\|\|"function"!=typeof JSON.stringify?"JSON IS NOT SUPPORTED":JSON.stringify(n)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\medianet[2].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	412168
Entropy (8bit):	5.48665617963191
Encrypted:	false
SSDEEP:	6144:zCGkYqP1vG2jnmuynGJ8nKM03VCuPbIX9cJBprymD:81vFjKnGJ8KMGxTFrymD
MD5:	B9E3061F2BE431FB202D1F48550FF4E2
SHA1:	1D9EECFCD30B2E7255B5C6933EAFECEB337432E5
SHA-256:	812F84A6222346F9CD85312A34B846BAA4A8E971A777CA35BF9C8359A39E006E
SHA-512:	CCBEBCF193B7102118D8C561C48813C6BC86D68F22CFC7B49281605B16BB0563021F024D2A697EFB1CDDC00822C4E6FE0F3A14E37EF13A01E8866D49E6BD9678
Malicious:	false
Preview:	<html>.<head></head>.<body style="margin: 0px; padding: 0px; background-color: transparent;">.<script language="javascript" type="text/javascript">window.mnjs=window.mnjs\|\|{},window.mnjs.ERP=window.mnjs.ERP\|\|function(){"use strict";for(var l="",s="",c="",f={},u=encodeURIComponent(navigator.userAgent),g=[],e=0;e<3;e++)g[e]=[];function d(e){void 0===e.logLevel&&(e={logLevel:3,errorVal:e}),3<=e.logLevel&&g[e.logLevel-1].push(e)}function n(){var e=0;for(a=0;a<3;a++)e+=g[a].length;if(0!==e){for(var n,r=new Image,o=f.lurl\|\|"https://lg3-a.akamaihd.net/nerrping.php",t="",i=0,a=2;0<=a;a--){for(e=g[a].length,0;0<e;){if(n=1===a?g[a][0]:{logLevel:g[a][0].logLevel,errorVal:{name:g[a][0].errorVal.name,type:l,svr:s,servname:c,errId:g[a][0].errId,message:g[a][0].errorVal.message,line:g[a][0].errorVal.lineNumber,description:g[a][0].errorVal.description,stack:g[a][0].errorVal.stack}},n=n,!((n="object"!=typeof JSON\|\|"function"!=typeof JSON.stringify?"JSON IS NOT SUPPORTED":JSON.stringify(n)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\nrrV52461[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	91348
Entropy (8bit):	5.423638505240867
Encrypted:	false
SSDEEP:	1536:uEuukXGs7ui3gn7qeOdillEx5Q3YzuCp9oZuvby3TdXPH6viqQDnjs2i:aKiw0di378uQMfHgjV
MD5:	9C4A60B2332E94D3BFF324BD8DF61A31
SHA1:	6245D60C273E175D3EC798CE8ABB65AD75F24E09
SHA-256:	8C38115211EB4E291CE6F38629C8AEE0F882EBED06B66F3DB3D6587C1EBDF52F
SHA-512:	31830D8DE79206C5C5B178DBC798D3A2AF597BA14D9075EE25CC82B096083B180B0B41CB5DC24640AC2A8329575102A3D724DA1F4307DDFB57DBC5C64A873817
Malicious:	false
Preview:	var _mNRequire,_mNDefine;!function(){"use strict";var c={},u={};function a(e){return"function"==typeof e}_mNRequire=function e(t,r){var n,i,o=[];for(i in t)t.hasOwnProperty(i)&&("object"!=typeof(n=t[i])&&void 0!==n?(void 0!==c[n]\|\|(c[n]=e(u[n].deps,u[n].callback)),o.push(c[n])):o.push(n));return a(r)?r.apply(this,o):o},_mNDefine=function(e,t,r){if(a(t)&&(r=t,t=[]),void 0===(n=e)\|\|""===n\|\|null===n\|\|(n=t,"[object Array]"!==Object.prototype.toString.call(n))\|\|!a(r))return!1;var n;u[e]={deps:t,callback:r}}}();_mNDefine("modulefactory",[],function(){"use strict";var r={},e={},o={},i={},t={},n={},a={},d={},c={},l={};function g(r){var e=!0,o={};try{o=_mNRequire([r])[0]}catch(r){e=!1}return o.isResolved=function(){return e},o}return r=g("conversionpixelcontroller"),e=g("browserhinter"),o=g("kwdClickTargetModifier"),i=g("hover"),t=g("mraidDelayedLogging"),n=g("macrokeywords"),a=g("tcfdatamanager"),d=g("l3-reporting-observer-adapter"),c=g("editorial_blocking"),l=g("debuglogs"),{conversionPixelCo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\otBannerSdk[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	325178
Entropy (8bit):	5.3450457320873355
Encrypted:	false
SSDEEP:	6144:7Kk89fToixHtGt3mBC4VcW3fUAbJ7Kz0yzGO:acixHMPzfJ
MD5:	56B5E93BFB078B9EEF2BA41DB521EA9B
SHA1:	A61A4949BCBCA6B8148CC6821D7CF88FBD90062F
SHA-256:	B8603101616C7960752244D2EC66D2A845BBE0094B83E7CC2877880A3A93402D
SHA-512:	C10E26F5C9B66E1FA82926AD43C7C70EDF00D3BEBE376DA674B325FB34EDB47EDF490BF84457BBC085BBFA1AF37D92F20067AA46B1334D623D2AE80B66810C02
Malicious:	false
Preview:	/** .. * onetrust-banner-sdk.. * v6.25.0.. * by OneTrust LLC.. * Copyright 2021 .. */..!function(){"use strict";var o=function(e,t){return(o=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}\|\|function(e,t){for(var o in t)t.hasOwnProperty(o)&&(e[o]=t[o])})(e,t)};var v,e,r=function(){return(r=Object.assign\|\|function(e){for(var t,o=1,n=arguments.length;o<n;o++)for(var r in t=arguments[o])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e}).apply(this,arguments)};function a(s,i,l,a){return new(l=l\|\|Promise)(function(e,t){function o(e){try{r(a.next(e))}catch(e){t(e)}}function n(e){try{r(a.throw(e))}catch(e){t(e)}}function r(t){t.done?e(t.value):new l(function(e){e(t.value)}).then(o,n)}r((a=a.apply(s,i\|\|[])).next())})}function p(o,n){var r,s,i,e,l={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return e={next:t(0),throw:t(1),return:t(2)},"function"==typeof Symbol&&(e[Symbol.iterator]=function(){return this}),e;function

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\otSDKStub[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	19145
Entropy (8bit):	5.333194115540307
Encrypted:	false
SSDEEP:	384:7RoViYMusfTaiBMFHRy0I2VMwG4JRuIKBf:7aViMsffBMnktf
MD5:	0D2A3807FB77D862C97924D018C7B04C
SHA1:	9D17F3621001D08F7B98395AC571FC5F6CDA7FEF
SHA-256:	75DE71E7FEAC92082AF2F49B7079C0B587B16A5E2BB4DABDA7E7EB66327402FB
SHA-512:	409ABCD5E970CAFF9F489D3E7F3D9464B2C5189118D2D046CA99E42CEC630C2C65B30397B8A87C3860E3426CF9F7E0A5F86511539CA9D9AEDA26C74CA9055922
Malicious:	false
Preview:	var OneTrustStub=function(e){"use strict";var t,o,n,i,a,r,s,l,c,p,u,d,m,h,f,g,A,b,y,v,C,I,w,S,L,T,R,B,D,P,_,E,G,U,O,k,F,V,N,x,j,H,M,K,z,q,W,J,Y,Q,X,Z,$,ee=new function(){this.optanonCookieName="OptanonConsent",this.optanonHtmlGroupData=[],this.optanonHostData=[],this.genVendorsData=[],this.IABCookieValue="",this.oneTrustIABCookieName="eupubconsent",this.oneTrustIsIABCrossConsentEnableParam="isIABGlobal",this.isStubReady=!0,this.geolocationCookiesParam="geolocation",this.EUCOUNTRIES=["BE","BG","CZ","DK","DE","EE","IE","GR","ES","FR","IT","CY","LV","LT","LU","HU","MT","NL","AT","PL","PT","RO","SI","SK","FI","SE","GB","HR","LI","NO","IS"],this.stubFileName="otSDKStub",this.DATAFILEATTRIBUTE="data-domain-script",this.bannerScriptName="otBannerSdk.js",this.mobileOnlineURL=[],this.isMigratedURL=!1,this.migratedCCTID="[[OldCCTID]]",this.migratedDomainId="[[NewDomainId]]",this.userLocation={country:"",state:""}};(o=t=t\|\|{})[o.Unknown=0]="Unknown",o[o.BannerCloseButton=1]="BannerCloseButton",o[

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\17-361657-68ddb2ab[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1238
Entropy (8bit):	5.066474690445609
Encrypted:	false
SSDEEP:	24:HWwAaHZRRIYfOeXPmMHUKq6GGiqIlQCQ6cQflgKioUInJaqzrQJ:HWwAabuYfO8HTq0xB6XfyNoUiJaD
MD5:	7ADA9104CCDE3FDFB92233C8D389C582
SHA1:	4E5BA29703A7329EC3B63192DE30451272348E0D
SHA-256:	F2945E416DDD2A188D0E64D44332F349B56C49AC13036B0B4FC946A2EBF87D99
SHA-512:	2967FBCE4E1C6A69058FDE4C3DC2E269557F7FAD71146F3CCD6FC9085A439B7D067D5D1F8BD2C7EC9124B7E760FBC7F25F30DF21F9B3F61D1443EC3C214E3FFF
Malicious:	false
Preview:	define("meOffice",["jquery","jqBehavior","mediator","refreshModules","headData","webStorage","window"],function(n,t,i,r,u,f,e){function o(t,o){function v(n){var r=e.localStorage,i,t,u;if(r&&r.deferLoadedItems)for(i=r.deferLoadedItems.split(","),t=0,u=i.length;t<u;t++)if(i[t]&&i[t].indexOf(n)!==-1){f.removeItem(i[t]);break}}function a(){var i=t.find("section li time");i.each(function(){var t=new Date(n(this).attr("datetime"));t&&n(this).html(t.toLocaleString())})}function p(){c=t.find("[data-module-id]").eq(0);c.length&&(h=c.data("moduleId"),h&&(l="moduleRefreshed-"+h,i.sub(l,a)))}function y(){i.unsub(o.eventName,y);r(s).done(function(){a();p()})}var s,c,h,l;return u.signedin\|\|(t.hasClass("office")?v("meOffice"):t.hasClass("onenote")&&v("meOneNote")),{setup:function(){s=t.find("[data-module-deferred-hover], [data-module-deferred]").not("[data-sso-dependent]");s.length&&s.data("module-deferred-hover")&&s.html("<p class='meloading'><\/p>");i.sub(o.eventName,y)},teardown:function(){h&&i.un

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\4996b9[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 45633, version 1.0
Category:	dropped
Size (bytes):	45633
Entropy (8bit):	6.523183274214988
Encrypted:	false
SSDEEP:	768:GiE2wcDeO5t68PKACfgVEwZfaDDxLQ0+nSEClr1X/7BXq/SH0Cl7dA7Q/B0WkAfO:82/DeO5M8PKASCZSvxQ0+TCPXtUSHF7c
MD5:	A92232F513DC07C229DDFA3DE4979FBA
SHA1:	EB6E465AE947709D5215269076F99766B53AE3D1
SHA-256:	F477B53BF5E6E10FA78C41DEAF32FA4D78A657D7B2EFE85B35C06886C7191BB9
SHA-512:	32A33CC9D6F2F1C962174F6CC636053A4BFA29A287AF72B2E2825D8FA6336850C902AB3F4C07FB4BF0158353EBBD36C0D367A5E358D9840D70B90B93DB2AE32D
Malicious:	false
Preview:	wOFF.......A...........................,....OS/2...p...`...`B.Y.cmap.............G.glyf.......,...,0..Hhead.......6...6....hhea...,...$...$....hmtx............($LKloca...`...f...f....maxp...P... ... ....name............IU..post....... ... ............I.A_.<........... ........d........................^...q.d.Z.................................................................3.......3.....f..............................HL .@...U...f.........................................\.d.\.d...d.e.d.Z.d.b.d.4.d.=.d.Y.d.c.d.].d.b.d.I.d.b.d.f.d._.d.^.d.(.d.b.d.^.d.b.d.b.d...d...d._.d._.d...d...d.P.d.0.d.b.d.b.d.P.d.u.d.c.d.^.d._.d.q.d._.d.d.d.b.d._.d._.d.b.d.a.d.b.d.a.d.b.d...d...d.^.d.^.d.`.d.[.d...d...d.$.d.p.d...d...d.^.d._.d.T.d...d.b.d.b.d.b.d.i.d.d.d...d...d...d.7.d.^.d.X.d.].d.).d.l.d.l.d.b.d.b.d.,.d.,.d.b.d.b.d...d...d...d.7.d.b.d.1.d.b.d.b.d...d...d...d...d...d.A.d...d...d.(.d.`.d...d...d.^.d.r.d.f.d.,.d.b.d...d.b.d._.d.q.d...d...d.b.d.b.d.b.d.b.d...d.r.d.I.d._.d.b.d.b.d.b.d.V.d.Z.d.b.d

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\55a804ab-e5c6-4b97-9319-86263d365d28[2].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3278
Entropy (8bit):	4.87966793369991
Encrypted:	false
SSDEEP:	96:Oy9Dwb40zrvdip5GKZa6AyYs9vjxWCKTS2jQt4ZaX:zqlipc6vxLCSCbZaX
MD5:	073E1A67C16B7E2B0F240F20BAC53174
SHA1:	778663FBA0201814BE193EB38E4F9D8875F322ED
SHA-256:	886E0D5D43DFB17D92EB8C5C80AB0671ED9DE247EC4AD9D71B358F32F7613287
SHA-512:	97FA869A8BE850E759BDB5AAA0E850B787358CC4EED55796F6B51D1AFD5B6B25CF7A6FAC5FCD67AA9588876F208D40449ED94886046177B6FEAA083743B01696
Malicious:	false
Preview:	{"CookieSPAEnabled":false,"MultiVariantTestingEnabled":false,"UseV2":true,"MobileSDK":false,"SkipGeolocation":true,"ScriptType":"LOCAL","Version":"6.4.0","OptanonDataJSON":"55a804ab-e5c6-4b97-9319-86263d365d28","GeolocationUrl":"https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location","RuleSet":[{"Id":"6f0cca92-2dda-4588-a757-0e009f333603","Name":"Global","Countries":["pr","ps","pw","py","qa","ad","ae","af","ag","ai","al","am","ao","aq","ar","as","au","aw","az","ba","bb","rs","bd","ru","bf","rw","bh","bi","bj","bl","bm","bn","bo","sa","bq","sb","sc","br","bs","sd","bt","sg","bv","sh","bw","by","sj","bz","sl","sn","so","ca","sr","ss","cc","st","cd","sv","cf","cg","sx","ch","sy","ci","sz","ck","cl","cm","cn","co","tc","cr","td","cu","tf","tg","cv","th","cw","cx","tj","tk","tl","tm","tn","to","tr","tt","tv","tw","dj","tz","dm","do","ua","ug","dz","um","us","ec","eg","eh","uy","uz","va","er","vc","et","ve","vg","vi","vn","vu","fj","fk","fm","fo","wf","ga","gb","ws","gd","ge","gg"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AA6wTdK[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	550
Entropy (8bit):	7.444195674983303
Encrypted:	false
SSDEEP:	12:6v/7jGhB1J/EfQCF2bAVNvYxZxdgQ+JIy9XD5hb6Fg9a6:ZJOf0APgfG+o1oFgc6
MD5:	6468CE276C808DA186AEF8AA10AB8DCC
SHA1:	F11A97DE272DAE4A61EC9990DEA171EFCF39B742
SHA-256:	CF782CC89F554E9ACF21D36909F6AC19DDE218BF0250179B48CDAB67728912B8
SHA-512:	6439670A62A38D289374812D5DACCE219D01E19F5CC4CEC4105F72BA703BF70078FC92DFD2A2C43669AA78EE8D03121E234E53DD3C73DF6CFB984049CE36370C
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx..R.O.Q.=...Z.mq0-0`M....t...0qqjM.... .tq.&R..p...$......0P.R'.M.A.#......=H.(1......s..}.oGOC.:.M.&..S>...W.....t...^..}......b.F6.R..,.PN...n...@_[...4.+.]..-4K...54........w.....r{..3...9W.~.>;.G@.F...Q.Bx..AW....J.g\|.B.q../..._M...T.4.....j.G......}B7..`..B1.!...w3.hW.....+...p...D......&,#.h...D........T.....V...H..`...,,..........Qb.h..g.a~<..............K.p,...\|......@S.l5.?.r).&....<{ad3.P.,M...H..W........SI%.WX.q>..8.....Z.V.n.U.......\..... ..7....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AAMqFmF[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	553
Entropy (8bit):	7.46876473352088
Encrypted:	false
SSDEEP:	12:6v/7kFXASpDCVwSb5I63cth5gCsKXLS39hWf98i67JK:PFXkV3lBKbSt8MVK
MD5:	DE563FA7F44557BF8AC02F9768813940
SHA1:	FE7DE6F67BFE9AA29185576095B9153346559B43
SHA-256:	B9465D67666C6BAB5261BB57AE4FC52ED6C88E52D923210372A9692A928BDDE2
SHA-512:	B74308C36987A45BC96E80E7C68AB935A3CC51CD3C9B4D0A8A784342B268715A937445DEB3AEF4CA5723FBC215B1CAD4E7BC7294EECEC04A2F1786EDE73E19A7
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx....RQ......%AD.Vn$R...]n\.........Z..f.....\.A.~.f \H2(2.J.uT.i.u.....0P..s..}.....P..........l.....P.....~...tb...f,.K.;.X.V...^..x<.b...lr8...bt.]..<.h.d2I.T2...sz...@.p8.x<..pH...g:...DX.Vt:.......eR..$...E.d2I..d..b.R.0...]. .j...v..A....j......H...=....@.'Z^....E\|>..tZv".^...#l.[yk(.B<j..#.H..dp.\..m....."#...b.l6.7.-.Q...l6.<.#.H.....\\|.....>/^.......eL.....9.z.....lwy.....g..h?...<...zG...c\d......q.3o9.Y.3.\|..Jg...%.t.?>....+..6.0.m.....X.q........IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AARkL8h[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	9123
Entropy (8bit):	7.913864579468599
Encrypted:	false
SSDEEP:	192:QoLz6er02KZU5SQ6lw554KoxySuYhQ8DeR+cdiA9q7/e:bn6pZUT6lw+1uYi8yocbp
MD5:	578B116678B72272439230A0C549BFC6
SHA1:	8BE6E8A2A519A70AB9CCA1BDA753C4CB8DA01D69
SHA-256:	CAC42425E1B679517E84258E10633CA542A9AB1C6511F547B0A4A45372824E2D
SHA-512:	F53886EE798F50C35184133DE55493FF83842C515BDB96574FD72A57592528B84BC283369E12EF8BF9D78B1F7E80D9C1B284CB08D221ECF142DE496C8800B72E
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....S..b.....#..?..?Jcg.R.P.@........z.`..Q@.@.@....P......0.@.@..!....8...@b....-_.X~.......=..i..ZB25....`...(..?.."..8...j.........c.-..&....4......t..c......7....;,w.......R.reN..H..'WS.....9?Z.m.(.........(.E...-............2s..X.R3(rpx...6....(...1.....:.3<b......@...<Mj...T.u^%.~.nc....+........\5..'.z.X.K.........D..Kn.....(.....K!....a.....3~.b}......._..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AARlNEA[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	dropped
Size (bytes):	25557
Entropy (8bit):	7.890712621033468
Encrypted:	false
SSDEEP:	768:IGbQD7DTOsNFKciKw7fOIZucZz56e1IhoMFxlS:I7D7H3Spr7fVZZz531KHlS
MD5:	A204DC197046409012D95FCFD2F804D8
SHA1:	6018513305B0F74F6065AC89380FF3222B52A9FE
SHA-256:	CB82F8E195A6FB6A048349BFC701A4698FC180DCCFB7C9CCE0F131A71E4CDA91
SHA-512:	123219631949099A9BE3BD317B398EBEE84CF5421B0C01918D97F21E63FDEF29810FFEBEBF21747BBAF4A114926731D7245139200F62C93C598C95F501853E1B
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...s0...........P..0.A@......-.-...P.@.......P.@.......u....j$..=...."...q..Bb..>Q...S-..6kb.95.-..F8.......<U"Yj"..D2bj..Q.qE.M.*.h..AC\.b....4.C.\.@:6!.).KF....k...#a........5.........(..........(..BP0.....!.b..).(.(........(.(....!h......(....A@..-...P.@.@.....(.h..A@....Z.(...Y.)f<P3.Y...?.d..R..\.H.....`.U.W.\..D..o...R"..fP...H.E8.D...J......H.....s....Zc.1J.b.d.8.l......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AARlOdR[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	dropped
Size (bytes):	43687
Entropy (8bit):	7.969225527069889
Encrypted:	false
SSDEEP:	768:I+hYeHsSsmVSPRyrT1evonfQrS2mEItVjSj48Q4OQl88j9+hLI2:I+FMS8Mf1eWIrS2mBVjSU8j88EE2
MD5:	7E294C6F8BDD4CB3A97E18D1F19D5D67
SHA1:	01576D3E144E7E8A3BAB9F4F571EEABAD8CB3A92
SHA-256:	71226FFB7996D891601262EE523358711BD6228B6DD5CBCBE981BC63A1C68F15
SHA-512:	ED3D574ADFA38A95BE73BB1AC7B2705687068AA69DACB8AA2B1E0549BB09E66EBD5F278340CD52249153BAB58E98116FD16A52DB2AF854F8328E0573DE5D259A
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..Cm.....'R......q...^..X.9...F$.an........T......mI".i.H..........UZ.i.=...."...m..dw.....%....n'..k.bI!.h..'v....jy......r$.8...#../.F?.TL5...k...u#s..C..U.....Ev..b..;.x..MJ.I.B.Ob4w^....\...).B..O..`,'..P.'...I.5 \.\|......5..p..L..N*%...X.s.}..-#M.....QF....Ukid.R.Q.>k..S.;.....a..\|;.........:..GRx...dV8S;...Z?.]M...VF.D........d..?.Cp_7.p.6....G0XQh.C..!...<.t..,/..D..S

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AARlY5u[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	8847
Entropy (8bit):	7.92872951747314
Encrypted:	false
SSDEEP:	192:QoIu5JEY0X3wbR71MLGhj3zAaUX7mIRfh6buRh7GSS6G8NNBd:bIu5JnO3wfgG5zOhNh75S6G2
MD5:	55AB93058C68A6E73DA3ECC8BD20A676
SHA1:	934FBA89D0F813FE652ED149E3722337E27E5594
SHA-256:	0AB05AF1DDDED42EB51CA2B9E63D0CDF550D75B3E0BBB2527FAB4B13596715D1
SHA-512:	C4B5E6CBF7EEDBC9E47DD864A7D98841FBD10A07AF4E79E21465BE6968A8664C8B516BFB92D0137ECD5BF72066A022D3F194802B2188FB8731E64DD423CF5AFF
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..T...Z..Z.9...Dc.!.z..v...Z.r.."b..d....g.h..q..7.L...a\....?.H..M$..%............1..P....8.h../.i.O.2H5.SN.;(..9....2....)..n.<1......._...te..0..)...>V....u.....................{.L..pp...."........a..1.q...U'a4t....k.....n.X...R.*.=q).B.j.n..X`..(.!.....c...~..3....;.R..6\|...."q.8.z.......-G....9.S".t....B@..I.f......~..2c.PN.N;.S.z.lRnV.}.......(#4..$....n)..K.....g

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AARlk9e[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	12249
Entropy (8bit):	7.956964427811286
Encrypted:	false
SSDEEP:	192:QotBbKURPJzPwN2zeqm1uFdjHH+AxjuuTl9yPHHUVDFEHgY02hq5EGWLc8CNwuoE:btBbKY5M2CqFFhUufQHUVDF+A5EGWA8U
MD5:	366C30F6D8E2BB55F6E205E2CDE0D050
SHA1:	696CE40E44016525957F3B97C8E2956FA2485C3F
SHA-256:	B00CCA86CAD14B89A75B8B59ED62891C20F869009FF31F82068F2E4A669EBBA3
SHA-512:	3EA7E3C753CD471FB729213775501BDF2F0FFE997FCBA3F96C69254F47CBEDA4A291C8587C77C095D2F3FA76167B473E7B229F5F0A32EE7587C36C6FF9D321CF
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.Lb......(.D...JW...s.H.Q\Yf.l......O....B..S._...A.........fm.......5?..h..............-....:..BR..%....TP...0.v.z.z....8.D.&>.)..`.."...c......".f.....rD.(@.i.Oa\....wFE..Dm "2.8M.9.Z.6o.d..{.->.H/.8...?.....bH..$w.F.0L#.~.-F.2.v.....P(.a....r=.....z.*.../...\|....?A.......%..o..Gz...)..T)....-...(.Kw.`B.4e...c.....:.z3.MwRw,nX.s.......O..cK...(O.[s....Y........e..@.`..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AARlmVR[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.949340933037777
Encrypted:	false
SSDEEP:	384:N+gPPP9TWGxoxsFLXqPIHKaFFvr0BFxM+Yr9nxQBuLH:NfnPEOoxsFLXqPGLluxMnfQB6
MD5:	D3221B6BE6AC204663C8AD2095756C57
SHA1:	74EF52722F924E4289B83D6A2BCA3EE2F9FE87B8
SHA-256:	D1177AA2D9C644C3AE5A1571DA4DA613F9F9597C758699F57ED04D6D4FD1A74D
SHA-512:	8488B3DA5BCDD8EF3B43870967320A8FBB4D3420581C4CAEE318AFF11A088F4C069F25D684A78882C5982A4499AF15FEA9227BAE6B6AF354B6E4A4326F82F11F
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....u.......=i0:+2f..j...b..aZ...2..4.9z.cD..%..2i.w`&.rk..Ty aQ.+..!.H..B..?.4....k.j...iv....=.J1WlM.&...V.I.........6.=..B.d.xSY..mw.X.5Ds.....i.5C.Se/...1W..-\|B.9..6..F3[H..d.xX..v.:b.#.s...)...F.@..1.4...b......r.c.@.......@......F..ez4.k..\|...`......2].3XT...bj2..).E&d.s.nfG@.^...7jE.@.Q].:<.2vE....}...3w.jD!......L..7W{...m....u+..1.-..<%q4...l.F...F}k...".m..;]

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AARm1Gs[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	dropped
Size (bytes):	28102
Entropy (8bit):	7.964779445035527
Encrypted:	false
SSDEEP:	768:Ne7EasR4/2EVj4anOnRBZrfCRWbB1zXExGF6KaDajuqvEin:NgsRc2JVrfCCXEWIlqMK
MD5:	0F4FA917421E275C28C184302D26CA14
SHA1:	7BF475813898F175F254596D123DC66DAF611343
SHA-256:	8B8266F23049264186EBE13144D27ABC4BF13C3B24B50DCA313A8477077F2DD9
SHA-512:	64FD6882A34EF2DDA72E844480A4FE1F4D8EBE86EAB642D4D37439CB714896926F065DD917C6819D3B1F4E09837EF1063A71E0E0789844473A781C3CA80E3C4D
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..-.......e.3...j...{. .I=....R.B%;lY..8.k..............N[.....`.v#.]..@.d......&.~.he....;...z.ij.am.i".iHDA.#....Q.K..S*.#.....iro.0Y...^C.RAS....{1.........s.\|..$...J......c.2\?.P(\|.hL%.R...t].g;0..U..4.z.e..jd...1.M1.>.wGR.6''....K2.ql..H...t$..C...^v.5...{y..)..x.Z..._f.VHQ.A.LG...,....u]&..{\..{'V....E..X......o9..q.tS....C.os..#X.dE...1.sUII..QZ......b.9...H....L...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AARmagQ[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	dropped
Size (bytes):	20107
Entropy (8bit):	7.951244765932356
Encrypted:	false
SSDEEP:	384:NG3/LTABK52Mf7gtcQQ2w0Fo0THLsES73OAbVLJjK6Ra/c2Iz:NY0Dtc2w0+mLrS7zb9Ju6RaS
MD5:	E8202CFAE2B12C62D5ECB40E2740E900
SHA1:	6B48D115B1C44021546F85E4199C0CDA594A5765
SHA-256:	1DFF560E572A3C04531DA0812BC153F9114C32C16FA4016ED6AF2D54C79C6C13
SHA-512:	24F55720D13C34AE9C3B268EE2B921CA79CCB8D404790A77D690B4CB58C60261795BFE426E162D080948A99CB10F052717A01FDB8212A67CADC059C380AAD3BB
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..'n.d...F...r[2.l..ZE>... ..a..@...3c....XH+..5B.6..n.t.....:&.E. .9...3...g%..{..+5.e..I..g.:..s.x.(.I..\|..G#...i.s{D.m..L@.+....z..FP]A.{.....1...=...\....VI%.L..{..;....#L2.O..pJ.i..J..6.B[&..."b...\X.^I...Z!'.7.d.!)....[:.hG&.T......Yk-Y[.FCc.9JLl...Bz.W\..0V....W...D.+jf2#N....yd.8..j..F.R..b6.....4+..9&..,k....+7.h.....E\a]...-../&...u<.j..2a..x......t.....$3~.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AARmqzU[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	dropped
Size (bytes):	21964
Entropy (8bit):	7.9578746567637815
Encrypted:	false
SSDEEP:	384:NNC/kcyWndMiqgSJsFp10qnn90Tg3I1bTQYm0tEIFrTyr8TrAbRDJ4O8J0mN:N8kcbWLJ+p1Vnn90Tg3ep3MCgDm
MD5:	48FF0856C4879F586A2A8EAE3D611BF7
SHA1:	4C3048405D65634930622E23A07DB302D25CAEB1
SHA-256:	4329EADAE80A32A888FEB28D169924B25E65FAAABCEB4811A26D557448C2473E
SHA-512:	55BBEBD4AF16886B49ED7B8AF0CE053177B458DEA23D7A01FB33DDB9C3DD7DF83DB4049602E32BA67DB5D7FD105D035434981042D2BDB3F39615B11E61912164
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..B......^h....N.q8...p.........$... ..@.s..n;.,..... .a.@....jlZ.@.C....P.H.11RP....47.......jF....Dd.l.\..,z..KV)5.vrws+\I,..s.+iFJ6>rU!R...[p...EL...S.vv.s.CZhe{........-.d.Y4..s.5..}]`.P`gs.I..Z.C......L.v(..i...5x..H.....@...+...L...C...Fi....).q.h....^)....G..C..5@......i...Bc.C.(.4.CB.I.4...E.......4.i..M+..&..H_,.R.I...R.V..'.....l,D..Q.......f@.....G?LQq..f.^Th......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AAuTnto[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	777
Entropy (8bit):	7.619244521498105
Encrypted:	false
SSDEEP:	12:6v/7/+Qh6PGZxqRPb39/w9AoWC42k5a1lhpzlnlA7GgWhZHcJxD2RZyrHTsAew9:++RFzNY9ZWcz/ln2aJ/Hs0/ooXw9
MD5:	1472AF1857C95AC2B14A1FE6127AFC4E
SHA1:	D419586293B44B4824C41D48D341BD6770BAFC2C
SHA-256:	67254D5EFB62D39EF98DD00D289731DE8072ED29F47C15E9E0ED3F9CEDB14942
SHA-512:	635ED99A50C94A38F7C581616120A73A46BA88E905791C00B8D418DFE60F0EA61232D8DAAE8973D7ADA71C85D9B373C0187F4DA6E4C4E8CF70596B7720E22381
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx.]S]HSa.~.s.k...Y.....VF.)EfWRQQ.h%]..e.D)..]DA.%...t...Q.....y.Vj.j.3...9.w..}......w...<..>..8xo...2L..............Q.....4.)../'~......<.3.#....V....T..[M..I).V.a.....EKI-4...b... 6JY...V.t2.%......"Q....`.......`.5.o.)d.S...Q..D....M.U...J.+.1.CE.f.(.....g......z(..H...^~.:A........S...=B.6....w..KNGLN..^..^.o.B)..s?P....v.......q......8.W.7S6....Da`..8.[.z1G"n.2.X.......................2>..q...c......fb...q0..{...GcW@.Hb.Ba.......w....P.....=.)...h..A..`......j.....o...xZ.Q.4..pQ.....>.vT..H..'Du.e..~7..q.`7..QU...S.........d...+..3............%m\|.../.....M..}y.7..?8....K.I.\|;5....@...u..6<.yM.%B".,.U..].+...$...%$.....3...L....%.8...A9..#.0j.\lZcg...c8..d......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\BB1gyWh5[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	dropped
Size (bytes):	22695
Entropy (8bit):	7.810298738669907
Encrypted:	false
SSDEEP:	384:I/t2lp812AN13D4+f3G7VE3flChB9HKqXOymBVBWzTk1Uvhp3c6:I/uWAOEZelChB9H5ZOIz73z
MD5:	67E55E01B3746273C0D6440E0229464B
SHA1:	B0EFBEF2F457E3C497F77D9ACEFE845CD9446801
SHA-256:	4441E3858AFDA9EA55051473DF78DD2F23BF21CAD83492CBFF9C032CEBA1F657
SHA-512:	3FD344D0FF4B05BC3FCCC7CD291C5E93841DD620097AC82B5338663A2013DE39463C8E73A51C0DF504553646D9CC5C2721BEAB7B97576B3CE070017BA01CFCBA
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....`V.a..c.....;...P..i....r?!w...H..Q.s..d......L.HpFH.(.>y..8...9Q.bS.P;..b.....BU..G....-.\......a.....u;q@.6.....c.........~`...p..^h......(..G.=.."vQ..P.`.y..@2x..,.d.VS..H,E#......B0\....l.....0D`.^(.'.$.).b.C..-L..#...=).X..0(.../=rh........ \|.@..'..@..8`@...........}....v.c.....z.!.g.....$.(...).U_\S..E+.AH.!.a.p(.0... ...;.0G..i..2$#s..h.....T.Xd..v0.U.A.._.z.R.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\BB6Ma4a[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	368
Entropy (8bit):	6.811857078347448
Encrypted:	false
SSDEEP:	6:6v/lhPahm7HmoUvP34NS7QRdujbt1S+bQkW1oFjTZLKrdmhtIargWoaf90736wDm:6v/7xkHA2QRdsbt1pBcrshtvgWoaO7qZ
MD5:	C144BE9E6D1FA9A7DB6BD090D23F3453
SHA1:	203335FA5AD5E9D98771E6EA448E02EE5C0D91F3
SHA-256:	FAC240D4CA688818C08A72C363168DC9B73CFED7B8858172F7AD994450A8D459
SHA-512:	67B572743A917A651BD05D2C9DCEC20712FD9E802EC6C1A3D8E61385EB2FEBB1F19248F16E906AF0B62111B16C0EA05769AEA1C44D81A02427C1150CB035EA78
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+....."IDATx.cy. ..?...\|.UA....GX...43.!:.o(f..Oa`..C...+Z0.y......~..0...>.....(....X3H.....Y....zQ4.s0....R.u.t..\|....)....(.$.`..a...d.qd.....3...W_...}....;.........4.....>....N....)d........p.4......`i.k@QE....j....B....X.7....\|..0.....pu?.1B,...J..P.......`F.>R..2.l.(..3J#.L4...9[...N....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\a5ea21[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	758
Entropy (8bit):	7.432323547387593
Encrypted:	false
SSDEEP:	12:6v/792/6TCfasyRmQ/iyzH48qyNkWCj7ev50C5qABOTo+CGB++yg43qX4b9uTmMI:F/6easyD/iCHLSWWqyCoTTdTc+yhaX4v
MD5:	84CC977D0EB148166481B01D8418E375
SHA1:	00E2461BCD67D7BA511DB230415000AEFBD30D2D
SHA-256:	BBF8DA37D92138CC08FFEEC8E3379C334988D5AE99F4415579999BFBBB57A66C
SHA-512:	F47A507077F9173FB07EC200C2677BA5F783D645BE100F12EFE71F701A74272A98E853C4FAB63740D685853935D545730992D0004C9D2FE8E1965445CAB509C3
Malicious:	false
Preview:	.PNG........IHDR... ... ............pHYs.................vpAg... ... ........eIDATH...o.@../..MT..KY..P!9^....:UjS..T."P.(R.PZ.KQZ.S. ....,v2.^.....9/t....K..;_ }'.....~..qK..i.;.B..2.`.C...B........<...CB.....).....;..Bx..2.}.. ._>w!..%B..{.d...LCgz..j/.7D..M..............'.HK..j%.!DOf7......C.]._Z.f+..1.I+.;.Mf....L:Vhg..[.. ..O:..1.a....F..S.D...8<n.V.7M.....cY@.......4.D..kn%.e.A.@lA.,>\.Q\|.N.P........<.!....ip...y..U....J...9...R..mgp}vvn.f4$..X.E.1.T...?.....'.wz..U...../[...z..(DB.B(....-........B.=m.3......X...p...Y........w..<.........8...3.;.0....(..I...A..6f.g.xF..7h.Gmq\|....gz_Z...x..0F'..........x..=Y}.,jT..R......72w/...Bh..5..C...2.06`........8@A..."zTXtSoftware..x.sL.OJU..MLO.JML.../.....M....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\cfdbd9[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	740
Entropy (8bit):	7.552939906140702
Encrypted:	false
SSDEEP:	12:6v/70MpfkExg1J0T5F1NRlYx1TEdLh8vJ542irJQ5nnXZkCaOj0cMgL17jXGW:HMuXk5RwTTEovn0AXZMitL9aW
MD5:	FE5E6684967766FF6A8AC57500502910
SHA1:	3F660AA0433C4DBB33C2C13872AA5A95BC6D377B
SHA-256:	3B6770482AF6DA488BD797AD2682C8D204ED536D0D173EE7BB6CE80D479A2EA7
SHA-512:	AF9F1BABF872CBF76FC8C6B497E70F07DF1677BB17A92F54DC837BC2158423B5BF1480FF20553927ECA2E3F57D5E23341E88573A1823F3774BFF8871746FFA51
Malicious:	false
Preview:	.PNG........IHDR................U....sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS6......tEXtCreation Time.07/21/16.~y....<IDATH..;k.Q....;.;..&..#...4..2.....V,...X..~.{..\|.Cj......B$.%.nb....c1...w.YV....=g.............!..&.$.mI...I.$M.F3.}W,e.%..x.,..c..0.V....W.=0.uv.X...C....3`....s.....c..............2]E0.....M...^i...[..]5.&...g.z5]H....gf....I....u....:uy.8"....5...0.....z.............o.t...G.."....3.H....Y....3..G....v..T....a.&K......,T.\.[..E......?........D........M..9...ek..kP.A.`2.....k...D.}.\...V%.\..vIM..3.t....8.S.P..........9.....yI.<...9.....R.e.!`..-@........+.a..x..0.....Y.m.1..N.I...V.'..;.V..a.3.U....,.1c.-.J<..q.m-1...d.A..d.`.4.k..i.......SL.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\otCommonStyles[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	20953
Entropy (8bit):	5.003252373878778
Encrypted:	false
SSDEEP:	192:LIsia0zYw49vRn4l7cWQjRkmSxoU/4OIZZTg8l9Qonnq3WwHpUkG4HfeXiPcB2jk:HRc7fQxNGoFBlCHcXaivSYBQY2YpuML
MD5:	E4F88E3AF211BD9EA203D23CB0B261D5
SHA1:	6067E95844B3E11A275ADD0B41D7AD3F00A426FD
SHA-256:	E58322F14AC511762E2C74932104D7205440281520CF98E66F15B40AA8E60D05
SHA-512:	B2C8870B61E9132DC7D7167F50F7C85BFE67EAC6DA711BDF0B9C85EB026249A95E8D67FFB0699934EAA304F971E44F0180E8578AFD8353943154FCE689690B76
Malicious:	false
Preview:	#onetrust-banner-sdk{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}#onetrust-banner-sdk .onetrust-vendors-list-handler{cursor:pointer;color:#1f96db;font-size:inherit;font-weight:bold;text-decoration:none;margin-left:5px}#onetrust-banner-sdk .onetrust-vendors-list-handler:hover{color:#1f96db}#onetrust-banner-sdk:focus{outline:2px solid #000;outline-offset:-2px}#onetrust-banner-sdk a:focus{outline:2px solid #000}#onetrust-banner-sdk #onetrust-accept-btn-handler,#onetrust-banner-sdk #onetrust-reject-all-handler,#onetrust-banner-sdk #onetrust-pc-btn-handler{outline-offset:1px}#onetrust-banner-sdk .ot-close-icon,#onetrust-pc-sdk .ot-close-icon,#ot-sync-ntfy .ot-close-icon{background-image:url("data:image/svg+xml;base64,PHN2ZyB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IiB3aWR0aD0iMzQ4LjMzM3B4IiBoZWlnaHQ9IjM0OC4zMzNweCIgdmlld0JveD0iMCAwIDM0OC4zMzMgMzQ4LjMzNCIgc3R5bGU9ImVuYWJsZS1iYWNrZ3

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\otFlat[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	12859
Entropy (8bit):	5.237784426016011
Encrypted:	false
SSDEEP:	384:Mjuyejbn42OdP85csXfn/BoH6iAHyPtJJAk:M6ye1/m
MD5:	0097436CBD4943F832AB9C81968CB6A0
SHA1:	4734EF2D8D859E6BFF2E4F3F7696BA979135062C
SHA-256:	F330D3AE039F615FF31563E4174AAE9CEAD8E99E00297146143335F65199A7A9
SHA-512:	3CC406AE3430001B8F305FA5C3964F992BA64CE652CCABD69924FE35E69675524E77A9E288DDE9BCF697B9C1C080871076C84399CDFAD491794B8F2642008BE6
Malicious:	false
Preview:	.. {.. "name": "otFlat",.. "html": "PGRpdiBpZD0ib25ldHJ1c3QtYmFubmVyLXNkayIgY2xhc3M9Im90RmxhdCI+PGRpdiByb2xlPSJhbGVydGRpYWxvZyIgYXJpYS1kZXNjcmliZWRieT0ib25ldHJ1c3QtcG9saWN5LXRleHQiPjxkaXYgY2xhc3M9Im90LXNkay1jb250YWluZXIiPjxkaXYgY2xhc3M9Im90LXNkay1yb3ciPjxkaXYgaWQ9Im9uZXRydXN0LWdyb3VwLWNvbnRhaW5lciIgY2xhc3M9Im90LXNkay1laWdodCBvdC1zZGstY29sdW1ucyI+PGRpdiBjbGFzcz0iYmFubmVyX2xvZ28iPjwvZGl2PjxkaXYgaWQ9Im9uZXRydXN0LXBvbGljeSI+PGgzIGlkPSJvbmV0cnVzdC1wb2xpY3ktdGl0bGUiPlRpdGxlPC9oMz48cCBpZD0ib25ldHJ1c3QtcG9saWN5LXRleHQiPnRpdGxlPGEgaHJlZj0iIyI+cG9saWN5PC9hPjwvcD48ZGl2IGNsYXNzPSJvdC1kcGQtY29udGFpbmVyIj48aDMgY2xhc3M9Im90LWRwZC10aXRsZSI+V2UgY29sbGVjdCBkYXRhIGluIG9yZGVyIHRvIHByb3ZpZGU6PC9oMz48ZGl2IGNsYXNzPSJvdC1kcGQtY29udGVudCI+PHAgY2xhc3M9Im90LWRwZC1kZXNjIj5kZXNjcmlwdGlvbjwvcD48L2Rpdj48L2Rpdj48L2Rpdj48L2Rpdj48ZGl2IGlkPSJvbmV0cnVzdC1idXR0b24tZ3JvdXAtcGFyZW50IiBjbGFzcz0ib3Qtc2RrLXRocmVlIG90LXNkay1jb2x1bW5zIj48ZGl2IGlkPSJvbmV0cnVzdC1idXR0b24tZ3JvdXAiPjxidXR0b24

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\otPcCenter[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	48633
Entropy (8bit):	5.555948771441324
Encrypted:	false
SSDEEP:	768:VwcBWh5ZSMYib6pWXlzZz6c18tiHoQqhI:VwqZYdZz6c18tySI
MD5:	928BD4F058C3CE1FD20BE50FE74F1CD8
SHA1:	5CBF71DB356E50C3FFCB58E309439ED7EB1B892E
SHA-256:	6048F2D571D6AE8F49E078A449EB84113D399DD5EA69FB5AC9C69241CD7BA945
SHA-512:	1E165855CEF80DDFBE2129FA49A0053055561ADEFF7756DE5EA22338D0770925313CCB0993AD032B95ACE336594A5F38E9EE0F0B58ADFE1552FE9251993391C1
Malicious:	false
Preview:	.. {.. "name": "otPcCenter",.. "html": "PGRpdiBpZD0ib25ldHJ1c3QtcGMtc2RrIiBjbGFzcz0ib3RQY0NlbnRlciBvdC1oaWRlIG90LWZhZGUtaW4iIGFyaWEtbW9kYWw9InRydWUiIHJvbGU9ImFsZXJ0ZGlhbG9nIj48IS0tIENsb3NlIEJ1dHRvbiAtLT48ZGl2IGNsYXNzPSJvdC1wYy1oZWFkZXIiPjwhLS0gTG9nbyBUYWcgLS0+PGRpdiBjbGFzcz0ib3QtcGMtbG9nbyIgcm9sZT0iaW1nIiBhcmlhLWxhYmVsPSJDb21wYW55IExvZ28iPjwvZGl2PjxidXR0b24gaWQ9ImNsb3NlLXBjLWJ0bi1oYW5kbGVyIiBjbGFzcz0ib3QtY2xvc2UtaWNvbiIgYXJpYS1sYWJlbD0iQ2xvc2UiPjwvYnV0dG9uPjwvZGl2PjwhLS0gQ2xvc2UgQnV0dG9uIC0tPjxkaXYgaWQ9Im90LXBjLWNvbnRlbnQiIGNsYXNzPSJvdC1wYy1zY3JvbGxiYXIiPjxoMiBpZD0ib3QtcGMtdGl0bGUiPllvdXIgUHJpdmFjeTwvaDI+PGRpdiBpZD0ib3QtcGMtZGVzYyI+PC9kaXY+PGJ1dHRvbiBpZD0iYWNjZXB0LXJlY29tbWVuZGVkLWJ0bi1oYW5kbGVyIj5BbGxvdyBhbGw8L2J1dHRvbj48c2VjdGlvbiBjbGFzcz0ib3Qtc2RrLXJvdyBvdC1jYXQtZ3JwIj48aDMgaWQ9Im90LWNhdGVnb3J5LXRpdGxlIj5NYW5hZ2UgQ29va2llIFByZWZlcmVuY2VzPC9oMz48ZGl2IGNsYXNzPSJvdC1wbGktaGRyIj48c3BhbiBjbGFzcz0ib3QtbGktdGl0bGUiPkNvbnNlbnQ8L3NwYW4+IDxzcGFuIGNsYXNzPSJvdC1saS1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\52-478955-68ddb2ab[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	396900
Entropy (8bit):	5.314138504283414
Encrypted:	false
SSDEEP:	6144:WXP9M/wSg/5rs1JuKb4KAuPmqqIjHSjasCr1BgxO0DkV4FcjtIuNK:YW/fjqIjHdl16tbcjut
MD5:	635C7C1B8F0A7A5B28EECA13824ABA3C
SHA1:	84340599D2873DCCED885061C40C89DE26228F3A
SHA-256:	C1478CDAFDCA1FC46CF5BC326FD291913C4922D53D97291612F9243626950FBF
SHA-512:	8B65EBEE5CC15558654151B73B5610126A4AF19DF20EE7DD80F0AC3A46089487F846114C3336F9A457D6545A900EC24CDD6B7752E990FAF3A78BF7C269ADBF6F
Malicious:	false
Preview:	var Perf,globalLeft,Gemini,Telemetry,utils,data,MSANTracker,deferredCanary,g_ashsC,g_hsSetup,canary;window._perfMarker&&window._perfMarker("TimeToJsBundleExecutionStart");define("jqBehavior",["jquery","viewport"],function(n){return function(t,i,r){function u(n){var t=n.length;return t>1?function(){for(var i=0;i<t;i++)n[i]()}:t?n[0]:f}function f(){}if(typeof t!="function")throw"Behavior constructor must be a function";if(i&&typeof i!="object")throw"Defaults must be an object or null";if(r&&typeof r!="object")throw"Exclude must be an object or null";return r=r\|\|{},function(f,e,o){function c(n){n&&(typeof n.setup=="function"&&l.push(n.setup),typeof n.teardown=="function"&&a.push(n.teardown),typeof n.update=="function"&&v.push(n.update))}var h;if(o&&typeof o!="object")throw"Options must be an object or null";var s=n.extend(!0,{},i,o),l=[],a=[],v=[],y=!0;if(r.query){if(typeof f!="string")throw"Selector must be a string";c(t(f,s))}else h=n(f,e),r.each?c(t(h,s)):(y=h.length>0,h.each(function(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AAPFmi4[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	846
Entropy (8bit):	7.686542726414513
Encrypted:	false
SSDEEP:	12:6v/7cM4j39Et8keaWbqx5608BcA5Anj/HwvwFxobkq4vIkOR3+XOq9zo7pZEz:1MAES35OxE0CAHDFxrEkU0tzo7p2z
MD5:	6F93C3616FBC7B9E97E87E718DF27B14
SHA1:	33F4B22E6C3DC6E9A2BDE8BECC3FC20D2F90A1B3
SHA-256:	DFCE8AE7B7C17FE90C55D7EE093936137DD0528FC4CC5BACDB5ED071FD2E312E
SHA-512:	99599A61F4D2FE8F28F32DDD62239E6FF86A68249A59D5B56AFF1F5D76B41FA841C20890C6BD943078CFBFC807CEDB1711499657866B7C259CC20C55D675D737
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx...]LSg....=-x....!......'.H.).$c].xc.7F.,r.eK.x...hf.[.D..}...%.nj..D...H......@[(.~p.......n..=..o.....G......V..n>J..p.`,....g1m..ZjK@.VHV..Bst.B.1..z5$M.q..q..0.ug.5l.P. K..Cq.\|....k....]l..p..0..[1.4n......z..it..H.0.O...B...,!..[........`.k..d..'..~...7S.X(....&...,.&R..UU...L6s._8....D.=.. 2.7w...9....!...J...<.q....}r...\|.#...GB.....u....u.....b9l......%lb......LGQ..G."a....[..B...sYdM.!.A...7vv.J$x..U.H(9..d.....U\8....N...9....N..U\=9....2SmG......s,&.b.3........7...,..[.......Eb$.=w...x8M:..*z....b.2..8f#.-"....~-."......E.S.Q.....[(.D.........zB...z.^.H_.]U.9h......N^..4f0M.....%.An.xin....4.....7..^[...w'./......:.2nw....L...J.......N5W..5.q.......}..wT........,.R.N;4W:x..e.U...j. ...)/.dj#.d.._.je.x...@."_.@z.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AAPwrS4[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	573
Entropy (8bit):	7.438664837450848
Encrypted:	false
SSDEEP:	12:6v/7NzFouDfSmgPEBv2aglxp1ATFlmASPBk3YRRiRHTu9L2p3A5k/1:mpouDft7v9IGpg5k3YRRCxAc
MD5:	BD4DAB976E44AB21C770DE6EBC9F620C
SHA1:	61D80892172A51C39CB605065CD7971D093EFF16
SHA-256:	9EB1FDAB9D3AFBEC190C1BDD7172F14B427BDD0222230302C7C7B7068CF3B39E
SHA-512:	3D24557B9626115E897C191200AEF0F7044FADC33CFC35B30A291A2BA5BF547A33B087E8C14E1BA947B14E48D2D0E3593BF38995140AE2E978845A850A2E9B1B
Malicious:	false
Preview:	.PNG........IHDR................a....pHYs..........+......IDATx...KkSQ...$..I....R.-VJ..Vp.DG...:.s'......p.D..EPD..VZ...Zl\|..M.p.{R..Y69....k..oT-e..aQ..qj...z.j..H"..$..L.O.6..._....&.N...........e.....Z..@.....D...?....D......@.$lo..+...U......t...N....;.h6...9!.....J....._.eF.;....1P..]X...K0<.%..7..3...Cp.Oe.....H...k.l.A&..(...&.B@.[`e.]9..ba.....0T.?'..Y....V...@....JG:...rAk..n'".Qp_}.j..hV[WD...?...../kA..I.{....G.....%.....B......y....O..j~...E.6wH{.T.AC.y.l. ..'.7...i.....D......'....!p..b...U.?{.....i.c......&.)....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AARlAXA[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
Category:	dropped
Size (bytes):	47841
Entropy (8bit):	7.888478769037165
Encrypted:	false
SSDEEP:	768:I8z3lUpH7r8WV3RziR2bvz3/W1GvmU/L5/girHGvrWjdBXiB6J9Vy/gLMJDrXamA:I8z3+h/ZV3xiR2X/UUNVBXixgYJ/O
MD5:	5A202D316270FE5C61E76FD64123CB49
SHA1:	D4E21887B048C7206EDC7C77814854C0E44716FC
SHA-256:	2D53A045AC74C4F569011108FFC8641118B0B0C40354DBB14A9379F2723AA564
SHA-512:	0D77D47E34D099B47A219BAFC79503FEB0DD2A165FA561BE2C4D2BF7F6E16DCE8C832822A55F5A6C3CD22747072E111D48062DD5610DCCF13D544DCCD896FB39
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......p.n...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..Z.....%...q.....".W=..M.8....1..(.rN3.@.F..h..F(...s...K....{.I\b.G.....!..#..P..y..h...........@..I.4......~..,,,..jq.....o..;..1.=...Q.4...?1@.G.....`.......^...4..........OOz.....A..+...n....F:..@...N1..C ..{P.....t..\t.(.......9........V...A@.X.....(8..{P...L.?J.7.H....f...p.'...o.....C.&.h..g ..J.nO..Gz.].N7....K...;.....?.....h.Jp..@=..e-....=...'..9.P...x#.4....wr

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AARlK6L[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	11226
Entropy (8bit):	7.941284943853362
Encrypted:	false
SSDEEP:	192:QogOKUA9IJ5ztR79xNpSc1g1tbpT8bKi03OZHjiKsSHy5mn7gXSWsOqhereHeNC3:bgGVHxL510F58bKT3OoKI5mnkvsO5CeM
MD5:	8D9D60F40D226A1B91B1D82B4E197364
SHA1:	1D33CB602EC3A64596A1B88920B0CA9DB66913AA
SHA-256:	B9FE618C81EABA2B88F98A805D75920936FD2953DB7BCE28FDA6E108B2AD4918
SHA-512:	594744FBFCDDB63A910E91F0066B49BC0DF4EB70DC79AD6C18CB8409D1833024DFB6959F890BEA8A37C20722F2D7F38436DB8A94A2001692419C4DCA9B57479B
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...^T.".;..Q.e..W1lZB..3......[E.uae)..D..KC...dc.MM.>...-.. .@..D...)..9.C.w.N...i.E#..IJ.hmh`(4.".]@8..L.4....qo....c...q.-m..W.OH.vQ.7..H..........A.[.(....+..:.j..,.s.x.c...9.0.>.H..ea...&..I..r.;.U.I..nF.....q..j.......Ha.we..0x.=.J..x.)$.zA#HaW..d.Z.;.\|.......%.#i.i.).:..+.Q.KV...l..kE...9..Y..y.X.x.....-..*T..[.A,(....NA..T.-...7.,X...TbJ.@'...h...zrO

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AARlKWc[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	11978
Entropy (8bit):	7.9600358558795925
Encrypted:	false
SSDEEP:	192:QoLuGlgWXfF/kQWSJfGti5QTR2Ht+SFyGeHy+AMXXRF/7VGGXShMhmZXbeU:bLDldWSknTIN+SFYS+AQX/XCWhUF
MD5:	DCAAC6130178287D76BEE0375179566C
SHA1:	3FC6252AD8A892A59D1BDB8FB460F87A17473EE7
SHA-256:	B93BBCE0B5F29D5420F5519D99516B957998350AF3CBFC80C1340D07E8257625
SHA-512:	B2C619CDBF0B8EF391BFC2BDA9CD1326313F58185E886E5115EFE602A32CB2CD0FBE0270828DDED8894CB794D297E4E6C4B7FF76D00CF279A5D5932C6A23468B
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..P.... ..H4..A.."..A...@.h.........4.9.a....!y......P!q@...........3O.,....t....;3..-....8x...z/.E..........E.q?."......?.!........,...?:,..\|Ag....`.............g.......g....f....?..0...............p......\_.O....m..\|~tY...v...........@\_.O..........\_.O..@\_.O..........(.?....q..V.._....h...q.k.T...>^.aS.)..m.(lQ.z.O....x.7.pz=....Y.....P.....{*M...J..fd.XI.G

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AARlKcO[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	11445
Entropy (8bit):	7.957939092044028
Encrypted:	false
SSDEEP:	192:Qo1Yk9AknYUOJh0GvvO3KSWoCVJTsf+Ytji1NWTw8F+Mqpukk:b1Yka3zvmXWhV+lpirWkU+XDk
MD5:	C4B164FE46F51EBA4B41349287181C25
SHA1:	A6750F61141BCAA71D03CC2135CBEF79395B377E
SHA-256:	781B819F8341A1B8A41719780A7E4F83973DC9FE76A5D47F57BF76169E7D0A9D
SHA-512:	5357F90B159E8FFA5E59FC7F1C152D590A549126C3763CB2668CE7895F7DD9B83876D562E4729D2C0639960FAD4410567963D8947C811778F63F94ECCAA9495B
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..%l.....r.....d...L..w=^.5.b...@.!.@...%.%.!... .......[.>.HL.U+.a.s.]....Hfe...DV......r@z.M.R;.k..w..G......,..-..1...../Q=.;\|.8.6r....oL.QH.PA.2.#....c4..y.......<--.+..X....?...+.%cz...AL...)X..(...i..@.&..4..P./@..;Nj....#:...%..5.Hf\|z\|..p9.5B%..5..-.........$..O.k.x....0I.a.m].....X....1.^..R..j.L.m.+.xs..1.>..4.h.......b.D.w:.v...P2..b ..a..H.a....Bh....u.(.....P{..+..j.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AARlT6t[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
Category:	dropped
Size (bytes):	8328
Entropy (8bit):	7.915593342509179
Encrypted:	false
SSDEEP:	192:QnvJ5morbGSbK7BBBg0xN8vQsqZfMr4emfo0pwPWm0x3:0TmOKMyngs1RfMMeJZU
MD5:	29C676224DC6893AEEDDEACAB54FE70B
SHA1:	87EF23553EEC495CE0312365D227137A0B4C047D
SHA-256:	B39EBEF7EF6B62A38005BA21B6972E718BE8480E56491C2BD2BCABBBF0C8E219
SHA-512:	95D0B1C35C54304899EE1ED6B53688478A9D930E65B9C8E3F122A9B05AD94CA9647AB91BF2F0F196574FD1CDC557213DA6B176BC0F59FD87ABE539DD2B0E0296
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........6...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....Q...j.r3.h.J.1....C.......d..4....J.F...`9.^R........:^...).R@.x.c.P...........L./@.-@..@.&..-@.M....L....9.kdT...._..f..\|X?yz.}....s.....1.....B(.1H..@..@.h.m...........x..Yr3.h.J.1....C.......d......i...KU..5.1j...@0.>....{.,..fH....g..E..k.....rp..Q9.t0....o.-..c...&...sh...FL.r[.Ic1..V....l(.j.H..{n....0.w.Mi.&r.B...Ff..Oap`.U.....z.M./SJt..4QYm^L..,@...J=.......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AARlU0z[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	dropped
Size (bytes):	28257
Entropy (8bit):	7.970929748720004
Encrypted:	false
SSDEEP:	768:NxEdxjimjWJi0O/fWSBLW/VuHYj453h6xKwQ99:NWKJDO/EjoAxKLT
MD5:	12AFA60C6BFF7191CCBFE07C15E77BE5
SHA1:	3732E2ED2152788559F5CE3659F5AC1675B51C8D
SHA-256:	9DF0E6C72F4D9C326FCDA6931E206E278115CF9E36031263D82C14CC4913A882
SHA-512:	19127CD90B6D4FAED95BE6BD896B84DE7AC1CE1AF58B8211DC2D3A17CF7CD1BC425420DB1272BD090970EA7A0988069CF94F85A340829E78A0355527906F2777
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.........8..z..qKT"./..L....pz.Z.<lY]......xC.A.Z...P.q."=.5..........c..?..4..W.....!.v..l...zp...IZd.E...b..J2...+..=..e....X..Ym.\|.Ul.U.;.....\..:.jiH..3ZL."p.H...i.z~U.].r...N....r.o4.h...V.*9.;neZ...Yt.I...G..8....U..-h...R..`...>.p+<E..E.&..>....Z..&. .@..b..d."..L$..cDh.....>..i3..<....=..EB..q.x.E@?..+J..ivANN0~e{ V.?6...8.C...E....uq.2\|.u.WE7t..Ef.A.2Go).

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AARlvai[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	dropped
Size (bytes):	14111
Entropy (8bit):	7.89289989781908
Encrypted:	false
SSDEEP:	192:Q2Q2t9+Uoxlv8TlvIFQkLIMbouLsFAeE48smmu/Yw+MArbSaO4S4mbp8kqnYuQKQ:NXqvWlvISkx348s4/il1KK9lQKL3RS
MD5:	6D0C7FFEE5417674B7C4D1D3E54A3DEC
SHA1:	8B69B16B2FA981515069374BCECED8905FDCDDD1
SHA-256:	5C15D4AF4856CBA27C1E4AE8D118979555871BA05B78CCD4FC6EDF48A87B39B3
SHA-512:	EE93DC5EAF2D121317BE90A4AB011FB6FFFE4722C4CB419AD00E30393E284D6E946D651E5081876506AB107FDE9CC24CF994DE7A1A10FCDC8B9E283E7CF709C9
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..Z.u.4.....P...}(.O.?J.z..P..J.A...(.........k:.......p.......P!......,.(.2.2.QY.Ze.v.`......w.t..uAhsOr..Z..i....n....S./......0.BS....L@.#* %......!R... ..".\|..e;..oP.d..@....P.h...v......G.....J.q...@.O....8P.GZ.st..G........'.Z........p.b. .bP.h....K.J....".....QI.&....2....v...OZ.D4...F.)..(.O.(a..b....%0....c...e..t_.L..-#...`..I..'.S.i..j[\.N...............@..E.%..@...9.@.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AARm3Az[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
Category:	dropped
Size (bytes):	11277
Entropy (8bit):	7.706577543740176
Encrypted:	false
SSDEEP:	192:Q2HVIja85wTt5jEzB7S5cljcIZB/Y23jEMaNzBinVjj59L/lR5G7qds+92:NHKja8uSlIMc0/Y2EKn9FRD5G7Us+92
MD5:	ACA2AE200D9C82D4C26215F1A004CB6D
SHA1:	0301B1E2CEA12E01B907D42BB612945313864E39
SHA-256:	4C7839B338CB8A34E323BDD513226E6C521FED55BB81709714E0E79CB36394B9
SHA-512:	1900C825746860015E6EE8E6E262586790211078D7613A053B4DCD876B4BC510DEFE9EA53DAE55C9F7B745FE71BE18ADFF182135B10BE20F707FF1D858168524
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......M.7...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.mlb..P.@.0..;...Z@%0..?... .....GO...G.......a./....d...........SIt.......7....qS...Q!S......]~..........4=.......^...?-........P..?..M....1....(..........Jc......E.............&(.b..PHP.@....;P.@.9........z.....Nw................w........@.../...G7.o..`....0@>.....g.-.............uB.....g..:..]......_......o.....(.P.................B(......&(.1@...LP...LP.....(...@.j.C@.._...Bv.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AARm6Wm[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
Category:	dropped
Size (bytes):	10309
Entropy (8bit):	7.946896625768144
Encrypted:	false
SSDEEP:	192:Qn3ROtVV1XbHn8Pex6a6AFn7ImndigaQEKsKmSm98Rwndv+yPPc5l8smSV:03RUVfXTn8Pex6a6AqmndZvEKsJSmRnA
MD5:	17BC523859EB009B1963A75AA1D27BDA
SHA1:	B715DA62529FECCE34DC2A2622FFC22FE1E3E30C
SHA-256:	940E999C8593520243A673BD7176F44C1850E1C7AE6412193A5E4337BDD065A1
SHA-512:	CDAAF6BB7CC4B054D8DCEA801FE8D66EAF1513E07776CD2658C7F15F79B01A045AA852BDD16606F71DE2D625D1ACE86E2D8876DDE69DBA04F427E719D9F9A3AC
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........6...........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..t..}..]u..1...&.81....y.....qz.73E.#yc....6..k..r2..pz..I.o)#wJ....=...N...t.kF..<...V..x.d.8........>...ut...R...1.94A.[.In.~...d...]....2..:.bX...l...k...R95..S................=...............o......Dw.\$..c...O...W..+.U...K.('......v2.;G.!RrG.j...(.....Kw.1.d..0G\|.'..".W..W.....`.u.............Wv&w..q4..r......q.T.....wV...F5..XY.<...9..W$.bU.V....A.!.br.f......ji..b

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AARmbBr[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	7097
Entropy (8bit):	7.854871847471743
Encrypted:	false
SSDEEP:	192:QoAb6sTsA6sVwJ8gSq8zTTbAsJuQN6SJLirL5:bUpT6EwJLozXuW6V
MD5:	CFAF2D02A2CE69A88B7A9C7568A8D9BA
SHA1:	36597D8F034534C2E56CF3EEC5D90CD25B8F3821
SHA-256:	349958F48882EDC780B1E9B98AEE16A68AA89DBE5772EF95795A05A93DF07A58
SHA-512:	7C28915F6CF749D745AA295297D12DF6D163ACB368CBC63777C8C2995705A001A7AC43F340146DF3A6FD0EA3A39E03F992822C4C775E8AB928B044C1A0282805
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..+RB..`..Z.).P.H......(......).P.H......(.....`...@-...P.(.h........(......(......(........P.@.0.H......).R.h.....`- ......(............- ..J.)...e...P.@.@....P...@..........1J.a..q....+r..A`....,-0..J.(........e...P.@..-...P.@.@.....{g.@..?..~..h..K.~`..m..j..j....8#....M..f..v....;..Mj..BX..9.\,V.9..!...B...8.0..E+..a.j...(......#.............P.@..-.....K..Rq..)H.1$.-....Af...'M..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AARmdP1[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	3332
Entropy (8bit):	7.023865909080042
Encrypted:	false
SSDEEP:	48:Qf5uETAAwayYe7R0X/jsJEFxXpUZMhFHkOaotdTkXTC8D8Zl90:QfQESeX/QqFxXpiicAR4TPYZle
MD5:	F3A4BDE457B3B12B70ECA3724C9A597D
SHA1:	5F25A0E1B73298184CA6CD2052445AA3399385F5
SHA-256:	8E8127EE05A1B8C629B0E515066C9D3E8835BC0AD7134628CE6D3BAA887754DE
SHA-512:	44976E5314C6C8E654AFD9B0EAF45C54D6BD55EFE88F8E28D47B9373A34DF2819374C0EA7D8FF420B55B95D7A2B9BD311D5FC33E86D0EEFF4208A9F3B8A38311
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....(......(......(......(......(......(......Q@.@....P.@....P.@....P.@....P.@....P.@....P.@..l..>..4..V.B...(......(......(......(......(......(.GZ..-..o%.2.h.D.ch-.R..(......(......(......(......(......(.......u.,.......r...OTr5.r....P.@....P.@....P.@....P.@....P.@....P...9..V..s..AI..eF.N..l.k.:?.EYQ.V.........t...&.. .....(......(......(......(......(...............O.c]^6:0..=..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AARme8P[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	8757
Entropy (8bit):	7.928252207713864
Encrypted:	false
SSDEEP:	192:Qowi2Ds10/lV0TF3Ug+Uh76SCmIXp3wSvO+u37F8Tls:bwBDL/oTFkhUxINwoe7F8K
MD5:	53E0465B08A1A1C55590DE1A377E695E
SHA1:	309E1542443C8ADFBD79FF68D7442A40A3AA4112
SHA-256:	48FA0FC3EB7666CDFE06043DA99800613B9F16B9739B73ECBE112F4E7E444A34
SHA-512:	90FEBF7104903550529A7994E03AA01666B815444581F6F9AA1F256DC4E92E9E473B83C0F680FD6EBBE07661FC348B42A772B05B7A650560EA8854B24646D284
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..% 5;.\|Cp.c$0...O.....+....AY.......j....\|....sb...j.p..4....)...`....$....m. ..4a..C..6.Hl...h.+.d..x..j."......^HF.W.....8...:sV....VI!..L.t..7R.X\|.w..sQ'dkF<.H.v..q.I.Q.....A...~qR..v...?@r..j..cy.6..>.rk4z.ee.c.d"..Z.......h.8...Td0......$.D...... 4.+d.\|.2.85.CHx..V."..1.T.=.<..A.j.9..i..k[.Q..9=...-..?.j"..(...E...X.,e.....8.b.E{.....".5H.K.<U.H.L.w.kN....=H.....J..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AARmger[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
Category:	dropped
Size (bytes):	11165
Entropy (8bit):	7.952720665479278
Encrypted:	false
SSDEEP:	192:QofUT98WTOALnIoSJfPsbN5qaTuot2CEE96IRDhD5iuWriqG/t1ZWOuDLxKnoH76:bfUT98iOwIoS5PsbN5qacHE9JDNWCVrt
MD5:	5569435E24021161E5537D6E151302B1
SHA1:	70C044A067C3CFCB9C529E65BD1FB7ACDAD5A8FB
SHA-256:	CF4B1A74D642B6845A5EDF8D1EEED9E2FD6EBD019292610EDF293F3C656926EF
SHA-512:	0781EF9C639EB0BB39047D8EC16F5CC91C6045A1A0960BAC331436EDC803293E5E1A4909E098DE517C6707F8688AE3C3E75E047540CEA0515E661606B1EB14B9
Malicious:	false
Preview:	......JFIF.....`.`...................... .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO....................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...L@h.(....@.Uwq.h..p.FI4\-r6.1V..pA.E.(..........Z.Z.....$(.A...".0...T.....Y{O{..ritu7.J./..(....&./..C...V..."[.Y.,t.q.]T...Mu2.s!..(.i7a.F.I..4.ni.R..bXP.P.@..A%..pB.I#mPH.?SJN.i\.m.Vk`!.Y.:s........9......x........q.~....uT...3..-. ...}.....}j.vBq..F..i...Z.(.....@.kDH...~...M5.... p.2?...ms#jO..G2Mq.u...5.t.....S..........q^.4.N);.......I-.y....!......Q..m..b.".K.@.@.

Static File Info

General
File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.16007617391323
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	mATFWhYtPk.dll
File size:	460288
MD5:	70798426016c93e3d52363c8a902333f
SHA1:	02f29a5c7e7f8230b86d26b36757c1aaa968dde7
SHA256:	5e3bcb83c60c7d06d42822afe1d36c3b0f866ef678935c5903cda936009713a1
SHA512:	4f8b8eb30ae59f4d167a5ee4cf0cf48f569765dcd999cbab7bfb2c6d46225b9675a5d73998ecb75481d6503b9f4a0a8023341ab3ea0b564ba294d82c5a2d400b
SSDEEP:	6144:31v9X/WHuR1R0bB5HKg0EWBe0uCvn7DOPnAOEiZguxc16uoSr4j7G63up9A2:31J/WHlN5HKcWEMn70TxnuF+jKx
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............l.I.l.I.l.I...H.l.I...Hql.I...H.l.I...H.l.I...H.l.I...H.l.I...H.l.I...H.l.I.l.I7l.IY..H.l.IY..H.l.IY.xI.l.I.l.I.l.IY..H.l.

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General
Entrypoint:	0x10014b4e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x10000000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x61A8FF66 [Thu Dec 2 17:16:22 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	479782c40538d0c8b72b2791f9b6cfc8

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007F77109DFF67h
call 00007F77109E036Dh
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+08h]
call 00007F77109DFE13h
add esp, 0Ch
pop ebp
retn 000Ch
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 100393E0h
mov dword ptr [ecx], 100393D8h
ret
push ebp
mov ebp, esp
sub esp, 0Ch
lea ecx, dword ptr [ebp-0Ch]
call 00007F77109DFF3Fh
push 10048714h
lea eax, dword ptr [ebp-0Ch]
push eax
call 00007F77109E366Eh
int3
push ebp
mov ebp, esp
and dword ptr [1004C858h], 00000000h
sub esp, 24h
or dword ptr [1004B00Ch], 01h
push 0000000Ah
call dword ptr [10039198h]
test eax, eax
je 00007F77109E010Fh
and dword ptr [ebp-10h], 00000000h
xor eax, eax
push ebx
push esi
push edi
xor ecx, ecx
lea edi, dword ptr [ebp-24h]
push ebx
cpuid
mov esi, ebx
pop ebx
mov dword ptr [edi], eax
mov dword ptr [edi+04h], esi
mov dword ptr [edi+08h], ecx
xor ecx, ecx
mov dword ptr [edi+0Ch], edx
mov eax, dword ptr [ebp-24h]
mov edi, dword ptr [ebp-1Ch]
mov dword ptr [ebp-0Ch], eax
xor edi, 6C65746Eh
mov eax, dword ptr [ebp-18h]
xor eax, 49656E69h
mov dword ptr [ebp-08h], eax
mov eax, dword ptr [ebp-20h]
xor eax, 756E6547h
mov dword ptr [ebp-04h], eax
xor eax, eax
inc eax
push ebx
cpuid

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x491b0	0x8a0	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x49a50	0xb4	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x4e000	0x22a48	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x71000	0x2cbc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x456d8	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x39000	0x2fc	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x3758c	0x37600	False	0.53513861456	data	6.64921372375	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x39000	0x11a90	0x11c00	False	0.49326034331	data	5.48757616552	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x4b000	0x238c	0x1600	False	0.224076704545	data	3.92619596438	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x4e000	0x22a48	0x22c00	False	0.808425134892	data	7.71446294109	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x71000	0x2cbc	0x2e00	False	0.72707201087	data	6.54560043785	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
TYPELIB	0x70230	0x670	data	English	United States
RT_BITMAP	0x4e190	0x21e67	data	English	United States
RT_STRING	0x708a0	0x26	data	English	United States
RT_VERSION	0x6fff8	0x238	data	English	United States
RT_MANIFEST	0x708c8	0x17d	XML 1.0 document text	English	United States

Imports

DLL	Import
pdh.dll	PdhGetFormattedCounterValue, PdhCollectQueryData, PdhCloseQuery, PdhRemoveCounter, PdhAddCounterW, PdhValidatePathW, PdhOpenQueryW
KERNEL32.dll	IsSystemResumeAutomatic, GetSystemDefaultLangID, GetCommandLineW, GetLastError, GetCurrentThread, GetLargePageMinimum, GetUserDefaultLangID, FlushProcessWriteBuffers, GetACP, GetCurrentProcess, MultiByteToWideChar, RaiseException, InitializeCriticalSectionEx, DeleteCriticalSection, DecodePointer, EnterCriticalSection, LeaveCriticalSection, LoadResource, SizeofResource, FindResourceW, GetModuleHandleW, GetProcAddress, LoadLibraryExW, GetModuleFileNameW, lstrcmpiW, FreeLibrary, MulDiv, SetLastError, TerminateProcess, ReadConsoleW, GetConsoleMode, GetConsoleCP, WriteFile, FlushFileBuffers, GetUserDefaultUILanguage, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, FreeEnvironmentStringsW, GetCommandLineA, IsValidCodePage, FindFirstFileExA, HeapReAlloc, HeapSize, GetFileType, GetStdHandle, GetModuleFileNameA, GetModuleHandleExW, ExitProcess, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSectionAndSpinCount, InterlockedFlushSList, RtlUnwind, LoadLibraryExA, VirtualFree, VirtualAlloc, FlushInstructionCache, InterlockedPushEntrySList, InterlockedPopEntrySList, HeapFree, HeapAlloc, GetOEMCP, GetCurrentThreadId, GetProcessHeap, CloseHandle, ReadFile, SetUnhandledExceptionFilter, FindClose, FindNextFileA, GetEnvironmentStringsW, GetTickCount64, SetFilePointerEx, SetStdHandle, CreateFileW, WriteConsoleW, IsProcessorFeaturePresent, IsDebuggerPresent, OutputDebugStringW, GetCPInfo, GetStringTypeW, LCMapStringEx, EncodePointer, LocalFree, WideCharToMultiByte, InitializeSListHead, GetSystemTimeAsFileTime, GetCurrentProcessId, UnhandledExceptionFilter, QueryPerformanceCounter, GetStartupInfoW
USER32.dll	GetDesktopWindow, GetCursor, GetClipboardSequenceNumber, GetMessageTime, GetProcessWindowStation, CreateMenu, GetOpenClipboardWindow, GetForegroundWindow, CallWindowProcW, DrawTextW, InsertMenuW, RegisterClassExW, LoadCursorW, GetClassInfoExW, DefWindowProcW, IsWindow, GetParent, SetTimer, ShowWindow, InvalidateRect, ReleaseDC, GetDC, EndPaint, BeginPaint, ClientToScreen, GetClientRect, SendMessageW, DestroyWindow, CreateWindowExW, GetWindowLongW, SetWindowLongW, CharNextW, UnregisterClassW, CloseClipboard, SetProcessDPIAware, GetCapture, GetMenuCheckMarkDimensions, GetFocus, GetClipboardViewer
GDI32.dll	SetBkMode, SetTextColor, DeleteDC, BitBlt, CreateCompatibleDC, CreateCompatibleBitmap, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, GdiFlush, CreateFontW
ADVAPI32.dll	RegDeleteValueW, RegQueryInfoKeyW, RegSetValueExW, RegEnumKeyExW, RegCloseKey, RegDeleteKeyW, RegCreateKeyExW, RegOpenKeyExW
SHELL32.dll	SHGetFolderPathW, ShellExecuteW, InitNetworkAddressControl
ole32.dll	CoFreeUnusedLibraries, CoCreateInstance, CoInitialize, OleRun, CoTaskMemAlloc, CoTaskMemRealloc, CoTaskMemFree
OLEAUT32.dll	VarBstrCmp, VariantInit, VariantClear, VariantCopy, VariantChangeType, SysStringLen, LoadTypeLib, LoadRegTypeLib, SysFreeString, SysAllocStringLen, VarUI4FromStr, SysAllocString

Exports

Name	Ordinal	Address
DllRegisterServer	1	0x100011a0
asbiqstaeqzsycc	2	0x100014d0
atwuhkycfybkj	3	0x10001760
bdkipyvq	4	0x100012a0
bgbbytziolo	5	0x100012f0
buecjdyytb	6	0x100011e0
buuxyumhydisdj	7	0x10001200
bxjjwud	8	0x10001640
clggklbu	9	0x10001260
cntrlguzspnq	10	0x10001730
cqidywf	11	0x10001660
djkkikrsnitzvwf	12	0x10001270
dlweylze	13	0x100013b0
dtbwdepznmd	14	0x10001440
ecpkvrx	15	0x10001620
efcawfftccniumljx	16	0x100014f0
egkmoop	17	0x100011f0
eilzujryft	18	0x10001700
eoglvqgtpydaong	19	0x10001560
eqnjunmaejgsagb	20	0x10001370
erthjldiugveugnor	21	0x100015e0
etiixdr	22	0x10001430
fdnaddiuzoum	23	0x100016e0
fgttknturxz	24	0x10001400
fkskecmnjoqvvgp	25	0x100015a0
flnfqcriiyzdbadz	26	0x10001340
fmjodsewhbuaejpl	27	0x10001250
fqpyrgjtynfnlox	28	0x10001500
gabmdsnkjw	29	0x10001490
gmhczrdec	30	0x100014c0
gpwfihalwtdyrr	31	0x10001390
hejnyandibnln	32	0x10001520
hfrdrmoablxlonx	33	0x10001460
hghwgdeluqykt	34	0x10001320
ihvqvvzicpewq	35	0x100015f0
iivajhlwfsi	36	0x10001570
iuewaljhzdajm	37	0x10001650
ixfqbarltsoutiwrf	38	0x100011d0
jiikqoz	39	0x100016c0
jvsgknrooldoct	40	0x10001510
kjyqzajsdguapua	41	0x10001590
kwsihdno	42	0x100016d0
ldvtgxarzpsvc	43	0x100012d0
lmkekwksma	44	0x10001530
lpoaczhizwuq	45	0x100013e0
lqklhxhfdczxx	46	0x10001420
lxtpgaxbhm	47	0x10001450
mhfpmkypor	48	0x100016f0
mhvdtqxiglxgz	49	0x100016a0
mhzcnjwqmsxbihhto	50	0x10001220
msrwnbgrhdtsetv	51	0x100015d0
mtkcasew	52	0x10001480
mvoppusdtxscqr	53	0x10001710
oeoymgdahyvguvzi	54	0x10001310
ohsciassscvpnmi	55	0x10001680
onppoychphgi	56	0x10001300
opcxlbmh	57	0x10001740
ozilutnvrlbvn	58	0x100014a0
ozwkxraxpjk	59	0x10001350
pdvrunqhpz	60	0x10001750
psqhlqv	61	0x100012e0
qbqlyqjrvvezlrnv	62	0x10001200
qqpnleaimqeigmzwd	63	0x10001550
ribbymfwgtqxvmazw	64	0x10001600
rjrpkmdpcfshah	65	0x100013c0
rlxeuvuvphivna	66	0x10001280
rmwtnvxf	67	0x10001380
rpifmftmile	68	0x10001410
rsxsmqmdqr	69	0x10001470
rvczgbkiqhjguqzlt	70	0x10001630
sjheqgom	71	0x100015c0
swazvcojjovcsje	72	0x10001230
syeplmlky	73	0x100016b0
talnqsbearlbncu	74	0x100013f0
ugxodrbcnwmv	75	0x100012f0
urwgneldhecndko	76	0x100014e0
urysaldwawlxly	77	0x10001610
uwlylvarwbp	78	0x100013a0
uzkkkjbllosjcbpw	79	0x10001330
vgzkcnfbez	80	0x10001720
vibolribseypzc	81	0x100012b0
vkgihdmzinzkpjkhs	82	0x100014b0
vppiwiotmo	83	0x100013d0
vvvjehe	84	0x100012c0
xakxrcjlugvn	85	0x100015b0
xdfgakyefi	86	0x10001670
xkteqlx	87	0x10001580
xsmvxtgbwesbzcfl	88	0x10001290
yenctkoba	89	0x10001240
ygelastcgo	90	0x10001360
ztxegjdrys	91	0x10001210
zvftowgaxerarqgn	92	0x10001690
zzdjsbaa	93	0x10001540

Version Infos

Description	Data
InternalName	Zqutyyvlsw.dll
FileVersion	8.5.4.5
ProductName	Zqutyyvlsw
ProductVersion	8.5.4.5
FileDescription	rqdads
OriginalFilename	Zqutyyvlsw.dll
Translation	0x0405 0x04e3

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 3, 2021 00:42:35.744447947 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.744488955 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.744565964 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.744580984 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.744616032 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.744707108 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.745543957 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.745568991 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.745609045 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.745621920 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.795114040 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.795327902 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.799206972 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.799318075 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.881364107 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.881390095 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.881757021 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.881860971 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.883220911 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.883260965 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.883809090 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.883898020 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.884635925 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.887321949 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.916997910 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.917166948 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.917197943 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.917275906 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.918297052 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.918319941 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.918417931 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.918479919 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.918519020 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.918570042 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.918612957 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.923258066 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.923373938 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.923397064 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.923451900 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.924674988 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.924705982 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.924782991 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.924802065 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.924824953 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.924843073 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.924859047 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.924880028 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.924890041 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.924920082 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.934360981 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.934575081 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.934604883 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.934690952 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.938925982 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.938993931 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.939111948 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.939150095 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.939203978 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.939239979 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.941139936 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.941263914 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.941283941 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.941339016 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.941873074 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.942028999 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.942053080 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.942099094 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.945813894 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.945884943 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.945957899 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.945980072 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.946006060 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.946031094 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.948661089 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.948816061 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.948844910 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.948915958 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.952610016 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.952678919 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.952876091 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.952897072 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.952912092 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.952965021 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.954427958 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.954878092 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.954895973 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.954960108 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.959032059 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.959059000 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.959069014 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.959101915 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.959191084 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.959217072 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.959266901 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.959296942 CET	443	49787	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.959361076 CET	49787	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.959649086 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.959662914 CET	49786	443	192.168.2.6	23.211.6.95
Dec 3, 2021 00:42:35.961183071 CET	443	49786	23.211.6.95	192.168.2.6
Dec 3, 2021 00:42:35.961277008 CET	443	49787	23.211.6.95	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 3, 2021 00:42:21.275201082 CET	56023	53	192.168.2.6	8.8.8.8
Dec 3, 2021 00:42:33.538043976 CET	56061	53	192.168.2.6	8.8.8.8
Dec 3, 2021 00:42:35.619294882 CET	58336	53	192.168.2.6	8.8.8.8
Dec 3, 2021 00:42:35.640818119 CET	53	58336	8.8.8.8	192.168.2.6
Dec 3, 2021 00:42:50.708467960 CET	52811	53	192.168.2.6	8.8.8.8
Dec 3, 2021 00:42:50.730206966 CET	53	52811	8.8.8.8	192.168.2.6
Dec 3, 2021 00:42:51.324790955 CET	55299	53	192.168.2.6	8.8.8.8
Dec 3, 2021 00:42:58.394412041 CET	63745	53	192.168.2.6	8.8.8.8
Dec 3, 2021 00:42:58.413429022 CET	53	63745	8.8.8.8	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Dec 3, 2021 00:42:21.275201082 CET	192.168.2.6	8.8.8.8	0xd648	Standard query (0)	www.msn.com	A (IP address)	IN (0x0001)
Dec 3, 2021 00:42:33.538043976 CET	192.168.2.6	8.8.8.8	0x2db	Standard query (0)	browser.events.data.msn.com	A (IP address)	IN (0x0001)
Dec 3, 2021 00:42:35.619294882 CET	192.168.2.6	8.8.8.8	0x2ef0	Standard query (0)	contextual.media.net	A (IP address)	IN (0x0001)
Dec 3, 2021 00:42:50.708467960 CET	192.168.2.6	8.8.8.8	0x5c77	Standard query (0)	lg3.media.net	A (IP address)	IN (0x0001)
Dec 3, 2021 00:42:51.324790955 CET	192.168.2.6	8.8.8.8	0xd2ec	Standard query (0)	assets.msn.com	A (IP address)	IN (0x0001)
Dec 3, 2021 00:42:58.394412041 CET	192.168.2.6	8.8.8.8	0x257e	Standard query (0)	hblg.media.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Dec 3, 2021 00:42:21.295094967 CET	8.8.8.8	192.168.2.6	0xd648	No error (0)	www.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)
Dec 3, 2021 00:42:33.559954882 CET	8.8.8.8	192.168.2.6	0x2db	No error (0)	browser.events.data.msn.com	global.asimov.events.data.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
Dec 3, 2021 00:42:35.640818119 CET	8.8.8.8	192.168.2.6	0x2ef0	No error (0)	contextual.media.net		23.211.6.95	A (IP address)	IN (0x0001)
Dec 3, 2021 00:42:50.730206966 CET	8.8.8.8	192.168.2.6	0x5c77	No error (0)	lg3.media.net		23.211.6.95	A (IP address)	IN (0x0001)
Dec 3, 2021 00:42:51.352286100 CET	8.8.8.8	192.168.2.6	0xd2ec	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Dec 3, 2021 00:42:58.413429022 CET	8.8.8.8	192.168.2.6	0x257e	No error (0)	hblg.media.net		23.211.6.95	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

https:

contextual.media.net

lg3.media.net

hblg.media.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.6	49786	23.211.6.95	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-02 23:42:35 UTC	0	OUT	GET /medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1 HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Referer: https://www.msn.com/de-ch/?ocid=iehp Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: contextual.media.net If-None-Match: "af9b4812e53e25fc57a13f41f6790ac9" Connection: Keep-Alive
2021-12-02 23:42:35 UTC	0	IN	HTTP/1.1 200 OK Server: Apache Content-Length: 412168 Content-Type: text/html;charset=UTF-8 x-mnt-h: 10-4 X-MNT-W: 8-13 ETag: "330b4b71a89f8ea60abf1630fbc12242" Strict-Transport-Security: max-age=604800 x-mnet-hli: E Cache-Control: max-age=300 Expires: Thu, 02 Dec 2021 23:47:35 GMT Date: Thu, 02 Dec 2021 23:42:35 GMT Connection: close
2021-12-02 23:42:35 UTC	1	IN	Data Raw: 20 20 20 20 Data Ascii:
2021-12-02 23:42:35 UTC	1	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 20 30 70 78 3b 20 70 61 64 64 69 6e 67 3a 20 30 70 78 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 3e 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 77 69 6e 64 6f 77 2e 6d 6e 6a 73 3d 77 69 6e 64 6f 77 2e 6d 6e 6a 73 7c 7c 7b 7d 2c 77 69 6e 64 6f 77 2e 6d 6e 6a 73 2e 45 52 50 3d 77 69 6e 64 6f 77 2e 6d 6e 6a 73 2e 45 52 50 7c 7c 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 6f 72 28 76 61 72 20 6c 3d 22 22 2c Data Ascii: <html><head></head><body style="margin: 0px; padding: 0px; background-color: transparent;"><script language="javascript" type="text/javascript">window.mnjs=window.mnjs\|\|{},window.mnjs.ERP=window.mnjs.ERP\|\|function(){"use strict";for(var l="",
2021-12-02 23:42:35 UTC	33	IN	Data Raw: 43 54 45 54 22 2c 22 41 50 50 4c 59 5f 47 4f 4f 47 4c 45 5f 52 45 53 54 52 49 43 54 49 4f 4e 22 2c 22 53 54 4f 50 5f 53 50 41 4d 22 2c 22 53 54 4f 50 5f 57 48 49 54 45 4f 50 53 22 5d 2c 53 39 39 3a 5b 5d 7d 2c 64 66 63 6e 73 74 3a 22 31 4e 59 2d 22 2c 70 73 70 3a 21 30 7d 2c 74 63 66 63 6f 6e 66 69 67 3a 7b 70 61 6d 3a 7b 31 3a 7b 74 70 3a 22 43 22 2c 61 63 74 3a 5b 22 44 49 53 41 42 4c 45 5f 43 4f 4f 4b 49 45 53 59 4e 43 22 2c 22 53 54 4f 50 5f 57 48 49 54 45 4f 50 53 22 2c 22 53 54 4f 50 5f 53 50 41 4d 22 5d 7d 2c 32 3a 7b 74 70 3a 22 46 22 2c 61 63 74 3a 5b 22 44 49 53 41 42 4c 45 5f 41 44 53 22 2c 22 53 54 4f 50 5f 4c 4f 47 47 49 4e 47 5f 56 49 53 49 54 4f 52 5f 49 44 22 2c 22 54 52 49 4d 5f 4c 41 53 54 5f 4f 43 54 45 54 22 5d 7d 2c 33 3a 7b 74 70 3a Data Ascii: CTET","APPLY_GOOGLE_RESTRICTION","STOP_SPAM","STOP_WHITEOPS"],S99:[]},dfcnst:"1NY-",psp:!0},tcfconfig:{pam:{1:{tp:"C",act:["DISABLE_COOKIESYNC","STOP_WHITEOPS","STOP_SPAM"]},2:{tp:"F",act:["DISABLE_ADS","STOP_LOGGING_VISITOR_ID","TRIM_LAST_OCTET"]},3:{tp:
2021-12-02 23:42:35 UTC	41	IN	Data Raw: 63 72 6f 6c 6c 48 65 69 67 68 74 2c 74 2e 6f 66 66 73 65 74 48 65 69 67 68 74 2c 65 2e 63 6c 69 65 6e 74 48 65 69 67 68 74 2c 65 2e 73 63 72 6f 6c 6c 48 65 69 67 68 74 2c 65 2e 6f 66 66 73 65 74 48 65 69 67 68 74 29 7d 63 61 74 63 68 28 72 29 7b 72 65 74 75 72 6e 20 30 7d 7d 66 75 6e 63 74 69 6f 6e 20 68 28 74 29 7b 74 72 79 7b 74 2e 66 72 61 6d 65 45 6c 65 6d 65 6e 74 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 21 30 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 76 28 74 2c 65 29 7b 72 65 74 75 72 6e 21 21 4f 28 74 29 26 26 28 4f 28 65 29 26 26 74 2e 69 6e 64 65 78 4f 66 28 65 29 21 3d 3d 2d 31 29 7d 66 75 6e 63 74 69 6f 6e 20 6d 28 74 2c 65 29 7b 72 65 74 75 72 6e 21 21 4d 28 74 29 26 26 28 49 74 28 74 2c 66 75 6e 63 74 69 6f 6e 28 74 29 Data Ascii: crollHeight,t.offsetHeight,e.clientHeight,e.scrollHeight,e.offsetHeight)}catch(r){return 0}}function h(t){try{t.frameElement}catch(e){return!0}return!1}function v(t,e){return!!O(t)&&(O(e)&&t.indexOf(e)!==-1)}function m(t,e){return!!M(t)&&(It(t,function(t)
2021-12-02 23:42:35 UTC	65	IN	Data Raw: 6b 69 65 3b 72 65 74 75 72 6e 21 30 7d 63 61 74 63 68 28 74 29 7b 72 65 74 75 72 6e 21 31 7d 7d 66 75 6e 63 74 69 6f 6e 20 75 65 28 74 29 7b 69 66 28 21 61 65 28 29 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 76 61 72 20 65 3d 72 2e 63 6f 6f 6b 69 65 2e 69 6e 64 65 78 4f 66 28 74 2b 22 3d 22 29 2c 6e 3d 65 2b 74 2e 6c 65 6e 67 74 68 2b 31 3b 69 66 28 21 65 26 26 74 21 3d 3d 72 2e 63 6f 6f 6b 69 65 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 74 2e 6c 65 6e 67 74 68 29 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 69 66 28 65 3d 3d 3d 2d 31 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 76 61 72 20 69 3d 72 2e 63 6f 6f 6b 69 65 2e 69 6e 64 65 78 4f 66 28 22 3b 22 2c 6e 29 3b 72 65 74 75 72 6e 20 69 3d 3d 3d 2d 31 26 26 28 69 3d 72 2e 63 6f 6f 6b 69 65 2e 6c 65 6e 67 74 68 29 2c 75 Data Ascii: kie;return!0}catch(t){return!1}}function ue(t){if(!ae())return null;var e=r.cookie.indexOf(t+"="),n=e+t.length+1;if(!e&&t!==r.cookie.substring(0,t.length))return null;if(e===-1)return null;var i=r.cookie.indexOf(";",n);return i===-1&&(i=r.cookie.length),u
2021-12-02 23:42:35 UTC	97	IN	Data Raw: 7b 72 2e 51 65 28 65 29 7c 7c 28 65 3d 5b 65 5d 29 2c 74 3d 6f 28 74 29 2c 6e 3d 6e 7c 7c 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 72 2e 61 28 65 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 72 3d 61 2e 48 28 65 2c 74 2c 6e 29 3b 73 77 69 74 63 68 28 74 2e 74 79 70 65 29 7b 63 61 73 65 22 69 6d 67 22 3a 73 28 65 2c 72 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 73 63 72 69 70 74 22 3a 69 28 65 2c 74 2c 72 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 78 68 72 22 3a 75 28 65 2c 74 2c 72 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 73 62 22 3a 66 28 65 2c 74 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 69 66 53 63 72 22 3a 64 28 65 2c 74 2c 72 29 7d 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 69 28 74 2c 6e 2c 61 29 7b 6e 2e 66 6f 72 63 65 50 72 6f 74 6f 63 6f 6c 3d 3d 3d 21 30 26 26 Data Ascii: {r.Qe(e)\|\|(e=[e]),t=o(t),n=n\|\|function(){},r.a(e,function(e){var r=a.H(e,t,n);switch(t.type){case"img":s(e,r);break;case"script":i(e,t,r);break;case"xhr":u(e,t,r);break;case"sb":f(e,t);break;case"ifScr":d(e,t,r)}})}function i(t,n,a){n.forceProtocol===!0&&
2021-12-02 23:42:35 UTC	113	IN	Data Raw: 5b 72 5d 29 26 26 28 63 2e 72 65 73 75 6c 74 5b 72 5d 3d 22 50 4f 53 54 22 29 7d 72 65 74 75 72 6e 20 63 2e 72 65 73 75 6c 74 5b 72 5d 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 72 29 7b 69 66 28 22 50 4f 53 54 22 3d 3d 3d 65 29 72 65 74 75 72 6e 20 6f 2e 6c 6f 67 55 72 6c 73 2e 70 6f 67 3b 76 61 72 20 6e 3d 75 28 72 29 3b 72 65 74 75 72 6e 22 6f 72 22 3d 3d 3d 6e 3f 6f 2e 6c 6f 67 55 72 6c 73 2e 6f 67 6f 72 65 67 6f 6e 3a 6f 2e 6c 6f 67 55 72 6c 73 2e 6f 67 7d 66 75 6e 63 74 69 6f 6e 20 61 28 29 7b 72 65 74 75 72 6e 20 6f 2e 6c 6f 67 55 72 6c 73 2e 70 6e 7d 66 75 6e 63 74 69 6f 6e 20 64 28 65 2c 6f 29 7b 72 65 74 75 72 6e 20 66 28 65 2c 6f 29 2b 61 28 29 7d 66 75 6e 63 74 69 6f 6e 20 70 28 29 7b 72 65 74 75 72 6e 20 6f 2e 6c 6f 67 55 72 6c 73 2e 63 72 6c Data Ascii: [r])&&(c.result[r]="POST")}return c.result[r]}function f(e,r){if("POST"===e)return o.logUrls.pog;var n=u(r);return"or"===n?o.logUrls.ogoregon:o.logUrls.og}function a(){return o.logUrls.pn}function d(e,o){return f(e,o)+a()}function p(){return o.logUrls.crl
2021-12-02 23:42:35 UTC	121	IN	Data Raw: 30 7d 66 75 6e 63 74 69 6f 6e 20 4a 6e 28 29 7b 72 65 74 75 72 6e 20 74 2e 5a 54 28 68 75 29 26 26 74 2e 5a 54 28 46 75 29 26 26 21 74 2e 56 6d 28 45 75 2e 52 45 46 45 52 52 45 52 29 26 26 28 45 75 2e 52 45 46 45 52 52 45 52 3d 46 75 2e 67 65 74 43 6c 65 61 6e 52 65 66 65 72 72 65 72 55 72 6c 28 68 75 2e 67 65 74 52 65 66 65 72 72 65 72 55 72 6c 43 6f 6e 76 65 6e 74 69 6f 6e 61 6c 57 61 79 28 29 29 2c 74 2e 56 47 28 45 75 2e 52 45 46 45 52 52 45 52 29 3d 3d 3d 21 30 26 26 28 45 75 2e 52 45 46 45 52 52 45 52 3d 74 2e 59 28 45 75 2e 52 45 46 45 52 52 45 52 29 29 2c 7a 6e 28 29 3d 3d 3d 45 75 2e 52 45 46 45 52 52 45 52 26 26 28 45 75 2e 52 45 46 45 52 52 45 52 3d 22 22 29 29 2c 45 75 2e 52 45 46 45 52 52 45 52 7c 7c 22 22 7d 66 75 6e 63 74 69 6f 6e 20 51 6e Data Ascii: 0}function Jn(){return t.ZT(hu)&&t.ZT(Fu)&&!t.Vm(Eu.REFERRER)&&(Eu.REFERRER=Fu.getCleanReferrerUrl(hu.getReferrerUrlConventionalWay()),t.VG(Eu.REFERRER)===!0&&(Eu.REFERRER=t.Y(Eu.REFERRER)),zn()===Eu.REFERRER&&(Eu.REFERRER="")),Eu.REFERRER\|\|""}function Qn
2021-12-02 23:42:35 UTC	153	IN	Data Raw: 6e 20 6e 3d 74 2c 74 68 69 73 7d 2c 74 68 69 73 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 72 29 7b 72 65 74 75 72 6e 20 6e 5b 74 5d 3d 72 2c 74 68 69 73 7d 2c 74 68 69 73 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 6e 5b 74 5d 7d 2c 74 68 69 73 2e 67 65 74 42 79 50 61 74 68 3d 66 75 6e 63 74 69 6f 6e 28 72 29 7b 72 65 74 75 72 6e 20 74 2e 75 28 6e 2c 72 29 7d 2c 74 68 69 73 2e 73 65 72 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 2e 6b 28 7b 7d 2c 6e 29 7d 2c 74 68 69 73 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 6e 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 74 29 7d 7d 72 65 74 75 72 6e 20 6e 7d 29 3b 5f 63 44 28 22 62 69 Data Ascii: n n=t,this},this.set=function(t,r){return n[t]=r,this},this.get=function(t){return n[t]},this.getByPath=function(r){return t.u(n,r)},this.serialize=function(){return t.k({},n)},this.hasOwnProperty=function(t){return n.hasOwnProperty(t)}}return n});_cD("bi
2021-12-02 23:42:35 UTC	169	IN	Data Raw: 74 63 68 65 72 2e 61 70 70 65 6e 64 28 74 2c 74 68 69 73 2e 4c 4f 47 5f 54 59 50 45 29 7d 2c 74 68 69 73 2e 72 65 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 65 2e 64 69 73 70 61 74 63 68 65 72 2e 66 69 72 65 28 29 7d 2c 74 2e 6c 28 22 61 6c 6c 3a 72 65 73 65 74 22 2c 22 63 6f 6d 6d 61 6e 64 22 2c 69 29 7d 72 65 74 75 72 6e 20 73 7d 29 3b 5f 63 44 28 22 6c 6f 67 64 69 73 70 61 74 63 68 73 65 72 76 69 63 65 22 2c 5b 22 5f 22 2c 22 65 6d 22 2c 22 6c 6f 67 73 65 6c 66 64 69 73 70 61 74 63 68 65 72 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 72 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 72 65 74 75 72 6e 20 72 2e 69 73 48 65 74 65 72 6f 67 65 6e 65 6f 75 73 4c 6f 67 67 69 6e 67 45 6e 61 62 6c 65 64 28 65 29 3f Data Ascii: tcher.append(t,this.LOG_TYPE)},this.reset=function(){e.dispatcher.fire()},t.l("all:reset","command",i)}return s});_cD("logdispatchservice",["_","em","logselfdispatcher"],function(e,r,n){"use strict";function t(e){return r.isHeterogeneousLoggingEnabled(e)?
2021-12-02 23:42:35 UTC	201	IN	Data Raw: 75 6e 63 74 69 6f 6e 20 74 28 65 2c 74 29 7b 72 65 74 75 72 6e 22 39 39 22 21 3d 3d 74 2e 62 72 49 64 26 26 22 31 30 31 22 21 3d 3d 74 2e 62 72 49 64 7c 7c 65 2e 73 65 74 28 22 6f 67 62 64 70 22 2c 22 30 22 29 2e 73 65 74 28 22 62 64 70 22 2c 22 30 22 29 2e 73 65 74 28 22 63 62 64 70 22 2c 22 30 22 29 2e 73 65 74 28 22 64 66 70 42 64 22 2c 22 30 22 29 2c 65 7d 66 75 6e 63 74 69 6f 6e 20 73 28 65 2c 74 2c 73 2c 69 29 7b 76 61 72 20 64 3d 74 2e 63 72 69 64 2c 61 3d 74 2e 61 63 69 64 2c 63 3d 74 2e 73 62 64 72 69 64 7c 7c 72 2e 53 79 28 64 2c 61 29 7c 7c 22 22 2c 6d 3d 74 2e 69 73 6e 61 74 3f 70 2e 67 65 74 54 65 6d 70 6c 61 74 65 4b 65 79 46 6f 72 4e 61 74 69 76 65 53 6c 6f 74 28 64 29 3a 22 22 3b 72 65 74 75 72 6e 20 6f 2e 73 65 74 43 6f 6d 6d 6f 6e 50 72 Data Ascii: unction t(e,t){return"99"!==t.brId&&"101"!==t.brId\|\|e.set("ogbdp","0").set("bdp","0").set("cbdp","0").set("dfpBd","0"),e}function s(e,t,s,i){var d=t.crid,a=t.acid,c=t.sbdrid\|\|r.Sy(d,a)\|\|"",m=t.isnat?p.getTemplateKeyForNativeSlot(d):"";return o.setCommonPr
2021-12-02 23:42:35 UTC	217	IN	Data Raw: 64 65 6c 3b 64 2e 73 65 74 28 22 6e 61 6d 65 22 2c 74 2e 6e 61 6d 65 7c 7c 22 55 4e 4b 4e 4f 57 4e 22 29 2e 73 65 74 28 22 73 74 61 63 6b 22 2c 74 2e 6d 65 73 73 61 67 65 7c 7c 22 4e 4f 4e 45 22 29 2e 73 65 74 28 22 63 72 69 64 22 2c 74 2e 63 72 69 64 7c 7c 22 22 29 2e 73 65 74 28 22 64 66 70 44 69 76 22 2c 74 2e 73 6c 6f 74 49 64 7c 7c 22 22 29 2e 73 65 74 28 22 70 76 69 64 22 2c 74 2e 70 76 69 64 7c 7c 22 22 29 2e 73 65 74 28 22 64 66 70 42 64 22 2c 74 2e 64 66 70 62 64 7c 7c 22 22 29 2e 73 65 74 28 22 6c 69 64 22 2c 74 2e 6c 69 7c 7c 22 22 29 2e 73 65 74 28 22 74 72 65 66 22 2c 74 2e 72 63 74 72 3e 30 29 2e 73 65 74 28 22 72 66 63 22 2c 74 2e 72 63 74 72 29 2e 73 65 74 28 22 63 70 72 22 2c 31 65 33 2a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 29 2e 73 65 Data Ascii: del;d.set("name",t.name\|\|"UNKNOWN").set("stack",t.message\|\|"NONE").set("crid",t.crid\|\|"").set("dfpDiv",t.slotId\|\|"").set("pvid",t.pvid\|\|"").set("dfpBd",t.dfpbd\|\|"").set("lid",t.li\|\|"").set("tref",t.rctr>0).set("rfc",t.rctr).set("cpr",1e3*Math.random()).se
2021-12-02 23:42:35 UTC	249	IN	Data Raw: 7b 7d 2c 6f 74 3d 7b 7d 2c 61 74 3d 7b 7d 2c 75 74 3d 5b 5d 2c 73 74 3d 7b 7d 2c 63 74 3d 7b 7d 2c 70 74 3d 74 68 69 73 3b 74 68 69 73 2e 67 65 74 50 72 6f 76 69 64 65 72 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 75 74 7d 2c 74 68 69 73 2e 69 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 7d 2c 74 68 69 73 2e 67 65 74 52 65 71 75 65 73 74 43 6f 75 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 24 7d 2c 74 68 69 73 2e 73 65 74 4e 65 74 77 6f 72 6b 54 69 6d 65 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 73 74 3d 74 7d 2c 74 68 69 73 2e 61 64 64 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 24 2b 2b 2c 70 74 2e 61 74 74 61 63 68 4c 69 73 74 65 6e 65 72 73 28 6e 29 3b 76 61 72 20 72 3d 74 2e 67 65 74 28 73 2e 50 72 Data Ascii: {},ot={},at={},ut=[],st={},ct={},pt=this;this.getProviders=function(){return ut},this.id=function(){return n},this.getRequestCount=function(){return $},this.setNetworkTime=function(t){st=t},this.add=function(t,n){$++,pt.attachListeners(n);var r=t.get(s.Pr
2021-12-02 23:42:35 UTC	265	IN	Data Raw: 6c 6c 28 29 29 7d 66 75 6e 63 74 69 6f 6e 20 73 28 6e 29 7b 65 2e 5a 54 28 70 29 26 26 65 2e 5a 54 28 70 2e 67 65 74 41 6c 6c 28 29 29 26 26 6e 2e 70 61 72 73 65 28 70 2e 67 65 74 41 6c 6c 28 29 29 7d 66 75 6e 63 74 69 6f 6e 20 72 28 6e 29 7b 65 2e 5a 54 28 64 29 26 26 65 2e 5a 54 28 64 2e 67 65 74 41 6c 6c 28 29 29 26 26 6e 2e 70 61 72 73 65 28 64 2e 67 65 74 41 6c 6c 28 29 29 7d 66 75 6e 63 74 69 6f 6e 20 6f 28 6e 29 7b 65 2e 5a 54 28 66 29 26 26 6e 2e 70 61 72 73 65 28 66 29 7d 66 75 6e 63 74 69 6f 6e 20 61 28 65 29 7b 72 65 74 75 72 6e 20 74 28 65 29 2c 73 28 65 29 2c 72 28 65 29 2c 6f 28 65 29 2c 65 7d 66 75 6e 63 74 69 6f 6e 20 63 28 65 2c 6e 29 7b 76 61 72 20 74 3d 65 2e 67 65 74 50 72 6f 76 69 64 65 72 43 6f 6e 66 69 67 46 6f 72 53 6c 6f 74 28 29 Data Ascii: ll())}function s(n){e.ZT(p)&&e.ZT(p.getAll())&&n.parse(p.getAll())}function r(n){e.ZT(d)&&e.ZT(d.getAll())&&n.parse(d.getAll())}function o(n){e.ZT(f)&&n.parse(f)}function a(e){return t(e),s(e),r(e),o(e),e}function c(e,n){var t=e.getProviderConfigForSlot()
2021-12-02 23:42:35 UTC	281	IN	Data Raw: 6f 6d 43 6f 6f 6b 69 65 53 79 6e 63 29 26 26 21 73 2e 69 73 41 63 74 69 6f 6e 41 70 70 6c 69 63 61 62 6c 65 28 22 44 49 53 41 42 4c 45 5f 43 4f 4f 4b 49 45 53 59 4e 43 22 29 3f 6f 2e 64 6f 43 75 73 74 6f 6d 43 6f 6f 6b 69 65 53 79 6e 63 28 29 3a 74 2e 70 75 73 68 28 65 29 7d 29 2c 54 28 74 29 29 7d 66 75 6e 63 74 69 6f 6e 20 5a 28 29 7b 59 3d 21 30 3b 76 61 72 20 6e 3d 62 28 29 3b 46 28 6e 29 2c 68 28 6e 29 2c 79 28 29 7d 66 75 6e 63 74 69 6f 6e 20 79 28 29 7b 76 61 72 20 6e 3d 61 2e 67 65 74 45 78 70 69 72 79 4c 65 66 74 46 72 6f 6d 43 6f 6f 6b 69 65 28 29 2c 65 3d 61 2e 63 68 65 63 6b 46 6f 72 43 6f 6f 6b 69 65 44 65 6c 65 74 69 6f 6e 28 71 28 29 29 3b 28 6e 3c 3d 30 7c 7c 65 29 26 26 61 2e 64 65 6c 65 74 65 43 6f 6f 6b 69 65 28 29 2c 61 2e 64 65 6c 65 Data Ascii: omCookieSync)&&!s.isActionApplicable("DISABLE_COOKIESYNC")?o.doCustomCookieSync():t.push(e)}),T(t))}function Z(){Y=!0;var n=b();F(n),h(n),y()}function y(){var n=a.getExpiryLeftFromCookie(),e=a.checkForCookieDeletion(q());(n<=0\|\|e)&&a.deleteCookie(),a.dele
2021-12-02 23:42:35 UTC	289	IN	Data Raw: 7b 76 61 72 20 74 3d 61 2e 67 65 74 49 6e 66 6f 28 22 6c 73 22 29 3b 69 66 28 65 2e 5a 54 28 74 29 29 7b 76 61 72 20 72 3d 4a 53 4f 4e 2e 70 61 72 73 65 28 74 29 3b 72 65 74 75 72 6e 20 72 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 6e 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 76 28 29 7b 76 61 72 20 6e 3d 72 2e 6c 56 28 29 2c 74 3d 72 2e 67 63 28 29 26 26 21 72 2e 51 6e 28 29 3b 72 65 74 75 72 6e 21 28 65 2e 5a 54 28 6e 29 7c 7c 74 7c 7c 21 61 2e 4a 62 28 29 29 26 26 28 21 65 2e 69 28 4f 29 7c 7c 21 31 29 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 29 7b 72 65 74 75 72 6e 20 73 28 29 2c 43 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 6b 28 29 7b 76 61 72 20 6e 3d 28 6e 65 77 20 44 61 74 65 29 2e 67 Data Ascii: {var t=a.getInfo("ls");if(e.ZT(t)){var r=JSON.parse(t);return r.hasOwnProperty(n)}return!1}function v(){var n=r.lV(),t=r.gc()&&!r.Qn();return!(e.ZT(n)\|\|t\|\|!a.Jb())&&(!e.i(O)\|\|!1)}function p(e){return s(),C.hasOwnProperty(e)}function k(){var n=(new Date).g
2021-12-02 23:42:35 UTC	321	IN	Data Raw: 74 68 69 73 7d 2c 74 68 69 73 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 69 29 7b 72 65 74 75 72 6e 20 65 5b 74 5d 3d 69 2c 74 68 69 73 7d 2c 74 68 69 73 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 65 5b 74 5d 7d 2c 74 68 69 73 2e 70 72 6f 76 69 64 65 72 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 74 2e 5a 54 28 65 29 29 72 65 74 75 72 6e 20 69 2e 73 65 74 28 22 70 72 76 22 2c 65 29 2c 74 68 69 73 3b 76 61 72 20 72 3d 69 2e 67 65 74 28 22 70 72 76 22 29 3b 72 65 74 75 72 6e 20 72 2e 77 68 65 72 65 28 7b 7d 29 7d 2c 74 68 69 73 2e 69 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 69 2e 67 65 74 28 22 63 72 69 64 22 29 7d 2c 74 68 69 73 2e 63 6f 64 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e Data Ascii: this},this.set=function(t,i){return e[t]=i,this},this.get=function(t){return e[t]},this.providers=function(e){if(t.ZT(e))return i.set("prv",e),this;var r=i.get("prv");return r.where({})},this.id=function(){return i.get("crid")},this.code=function(){return
2021-12-02 23:42:35 UTC	337	IN	Data Raw: 69 6f 6e 28 74 2c 6e 2c 69 2c 72 2c 63 2c 6f 2c 73 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 61 28 29 7b 69 2e 63 61 6c 6c 28 74 68 69 73 29 2c 74 68 69 73 2e 69 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 67 65 74 28 22 62 67 69 64 22 29 7d 2c 74 68 69 73 2e 61 6c 69 61 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 67 65 74 28 22 62 67 61 6c 73 22 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 75 28 29 7b 63 2e 63 61 6c 6c 28 74 68 69 73 29 7d 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 76 61 72 20 69 3d 6e 2e 62 69 64 64 65 72 47 72 6f 75 70 73 7c 7c 7b 7d 3b 74 2e 61 28 69 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 2e 61 64 64 28 28 6e 65 77 20 61 29 2e 63 6f 6e 66 69 67 28 74 29 Data Ascii: ion(t,n,i,r,c,o,s){"use strict";function a(){i.call(this),this.id=function(){return this.get("bgid")},this.alias=function(){return this.get("bgals")}}function u(){c.call(this)}function e(){var i=n.bidderGroups\|\|{};t.a(i,function(t){f.add((new a).config(t)
2021-12-02 23:42:35 UTC	369	IN	Data Raw: 7c 7c 6e 75 6c 6c 7d 2c 74 68 69 73 2e 67 65 74 57 69 6e 6e 69 6e 67 42 69 64 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 69 29 7b 69 66 28 69 21 3d 3d 21 30 26 26 46 28 29 2c 30 3d 3d 3d 63 74 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 20 65 74 2e 69 73 57 69 6e 6e 65 72 44 65 63 3d 21 30 2c 65 3f 5b 6e 75 6c 6c 2c 6e 75 6c 6c 5d 3a 6e 75 6c 6c 3b 69 66 28 65 74 2e 69 73 57 69 6e 6e 65 72 44 65 63 29 72 65 74 75 72 6e 20 57 28 65 29 3b 69 66 28 53 28 29 2c 4d 28 29 2c 63 74 2e 6c 65 6e 67 74 68 3e 30 29 7b 76 61 72 20 6e 3d 63 74 5b 30 5d 3b 77 28 6e 29 26 26 28 6e 2e 73 65 74 28 22 69 77 62 22 2c 22 31 22 29 2c 65 74 2e 68 61 73 41 6e 79 57 69 6e 42 69 64 3d 21 30 29 7d 76 61 72 20 72 3d 57 28 65 29 2c 73 3d 74 2e 51 65 28 72 29 3f 72 5b 30 5d 3a 72 3b 72 65 74 Data Ascii: \|\|null},this.getWinningBid=function(e,i){if(i!==!0&&F(),0===ct.length)return et.isWinnerDec=!0,e?[null,null]:null;if(et.isWinnerDec)return W(e);if(S(),M(),ct.length>0){var n=ct[0];w(n)&&(n.set("iwb","1"),et.hasAnyWinBid=!0)}var r=W(e),s=t.Qe(r)?r[0]:r;ret
2021-12-02 23:42:35 UTC	385	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 6d 28 65 29 7b 69 66 28 77 69 6e 64 6f 77 2e 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 63 61 62 75 63 6b 22 29 29 7b 76 61 72 20 6e 3d 77 69 6e 64 6f 77 2e 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 63 61 62 75 63 6b 22 29 2c 72 3d 6e 65 77 20 44 61 74 65 28 77 69 6e 64 6f 77 2e 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 63 62 65 78 70 22 29 29 3b 72 65 74 75 72 6e 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 3e 72 2e 67 65 74 54 69 6d 65 28 29 3f 6e 75 6c 6c 3a 74 2e 57 28 65 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 65 29 3d 3d 3d 6e 29 72 65 74 75 72 6e 20 65 7d 29 7d 72 65 Data Ascii: function m(e){if(window.sessionStorage.getItem("cabuck")){var n=window.sessionStorage.getItem("cabuck"),r=new Date(window.sessionStorage.getItem("cbexp"));return(new Date).getTime()>r.getTime()?null:t.W(e,function(e){if(JSON.stringify(e)===n)return e})}re
2021-12-02 23:42:35 UTC	417	IN	Data Raw: 28 29 29 2c 6e 2e 70 75 73 68 28 75 29 7d 7d 2c 74 68 69 73 2e 67 65 74 42 75 69 6c 64 42 69 64 44 61 74 61 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 2e 48 28 69 2e 62 75 69 6c 64 42 69 64 44 61 74 61 2c 5b 69 2e 68 61 6e 64 6c 65 42 69 64 73 46 6f 72 41 75 63 74 69 6f 6e 5d 29 7d 2c 74 68 69 73 2e 62 75 69 6c 64 42 69 64 44 61 74 61 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 6f 72 28 76 61 72 20 64 3d 65 2e 41 5a 28 29 2c 61 3d 30 2c 73 3d 6e 2e 6c 65 6e 67 74 68 3b 61 3c 73 3b 61 2b 2b 29 7b 76 61 72 20 72 3d 6e 5b 61 5d 3b 74 28 69 2e 67 65 74 44 65 66 61 75 6c 74 42 69 64 46 6f 72 50 6c 61 63 65 6d 65 6e 74 28 72 2c 64 29 2c 72 2c 61 3d 3d 3d 6e 2e 6c 65 6e 67 74 68 2d 31 29 7d 6e 3d 5b 5d 7d 2c 74 68 69 73 2e Data Ascii: ()),n.push(u)}},this.getBuildBidDataCallback=function(){return e.H(i.buildBidData,[i.handleBidsForAuction])},this.buildBidData=function(t){for(var d=e.AZ(),a=0,s=n.length;a<s;a++){var r=n[a];t(i.getDefaultBidForPlacement(r,d),r,a===n.length-1)}n=[]},this.
2021-12-02 23:42:35 UTC	433	IN	Data Raw: 28 6f 29 7b 76 61 72 20 73 3d 6f 2e 67 65 74 28 22 73 7a 22 29 3b 65 2e 5a 54 28 73 29 26 26 28 72 2e 73 69 7a 65 73 2e 70 75 73 68 28 6f 2e 67 65 74 28 22 73 7a 22 29 29 2c 72 2e 65 70 63 2e 70 75 73 68 28 69 2e 67 65 74 45 78 74 65 72 6e 61 6c 50 6c 61 63 65 6d 65 6e 74 43 6f 64 65 28 6f 2c 74 29 29 29 7d 29 2c 72 29 3a 72 7d 2c 74 68 69 73 2e 67 65 74 45 78 74 65 72 6e 61 6c 50 6c 61 63 65 6d 65 6e 74 43 6f 64 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 65 2e 67 65 74 28 22 65 70 63 22 29 7c 7c 74 2e 67 65 74 28 22 63 72 69 64 22 29 7d 2c 74 68 69 73 2e 70 61 72 73 65 45 61 63 68 50 72 6f 76 69 64 65 72 52 65 73 70 6f 6e 73 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 6f 29 7b 76 61 72 20 73 3d 74 2e 67 65 74 50 72 6f 76 69 64 Data Ascii: (o){var s=o.get("sz");e.ZT(s)&&(r.sizes.push(o.get("sz")),r.epc.push(i.getExternalPlacementCode(o,t)))}),r):r},this.getExternalPlacementCode=function(e,t){return e.get("epc")\|\|t.get("crid")},this.parseEachProviderResponse=function(t,r,o){var s=t.getProvid
2021-12-02 23:42:35 UTC	465	IN	Data Raw: 73 2e 73 65 6f 3f 73 65 74 54 69 6d 65 6f 75 74 28 65 2e 48 28 64 2e 69 6e 69 74 2c 5b 5d 2c 64 29 2c 30 29 3a 64 2e 69 6e 69 74 28 29 7d 29 3b 7d 20 63 61 74 63 68 20 28 65 72 72 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 68 62 43 4d 42 69 64 78 63 2e 65 72 72 6f 72 20 3d 20 65 72 72 3b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 68 62 43 4d 42 69 64 78 63 2e 63 61 74 63 68 43 6f 6e 73 74 61 6e 74 73 20 3d 20 7b 22 6e 61 6d 65 22 3a 22 68 62 43 4d 42 69 64 65 78 63 68 61 6e 67 65 22 2c 22 74 79 70 65 22 3a 22 48 42 2d 43 4d 22 2c 22 73 76 72 22 3a 22 32 30 32 31 31 31 31 30 31 33 5f 31 37 30 22 2c 22 73 65 72 76 6e 61 6d 65 22 3a 22 68 62 63 6d 5f 6e 61 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 68 62 43 4d 42 69 64 65 78 63 68 61 6e 67 65 20 65 6e 63 6f 75 6e 74 Data Ascii: s.seo?setTimeout(e.H(d.init,[],d),0):d.init()});} catch (err) { window.hbCMBidxc.error = err; window.hbCMBidxc.catchConstants = {"name":"hbCMBidexchange","type":"HB-CM","svr":"2021111013_170","servname":"hbcm_na","message":"hbCMBidexchange encount
2021-12-02 23:42:35 UTC	481	IN	Data Raw: 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 2c 69 3b 21 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 65 2e 64 69 76 49 64 29 26 26 65 2e 73 6c 6f 74 49 64 26 26 28 28 74 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 69 66 72 61 6d 65 49 64 29 29 26 26 28 74 2e 77 69 64 74 68 3d 65 2e 77 69 64 74 68 2c 74 2e 68 65 69 67 68 74 3d 65 2e 68 65 69 67 68 74 29 2c 69 3d 67 65 74 53 69 7a 65 41 72 72 61 79 49 6e 49 6e 74 28 65 2e 73 69 7a 65 4c 69 73 74 2c 65 2e 77 69 64 74 68 2c 65 2e 68 65 69 67 68 74 29 2c 77 69 6e 64 6f 77 2e 6d 65 64 69 61 6e 65 74 5f 74 61 67 69 64 3d 65 2e 74 61 67 69 64 2c 77 69 6e 64 6f 77 2e 6d 65 64 69 61 6e 65 74 5f 64 66 70 56 Data Ascii: =function(e){var t,i;!document.getElementById(e.divId)&&e.slotId&&((t=window.parent.document.getElementById(iframeId))&&(t.width=e.width,t.height=e.height),i=getSizeArrayInInt(e.sizeList,e.width,e.height),window.medianet_tagid=e.tagid,window.medianet_dfpV
2021-12-02 23:42:35 UTC	497	IN	Data Raw: 61 6c 6c 3a 67 2c 67 65 74 52 61 6e 64 6f 6d 3a 77 2c 69 73 50 65 72 63 65 6e 74 41 70 70 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 77 28 31 2c 31 30 30 29 3c 3d 70 61 72 73 65 49 6e 74 28 65 2c 31 30 29 7d 2c 67 65 74 50 61 72 61 6d 56 61 6c 75 65 46 72 6f 6d 55 72 6c 41 73 41 72 72 61 79 3a 61 2e 75 72 75 2e 67 65 74 50 61 72 61 6d 56 61 6c 75 65 46 72 6f 6d 55 72 6c 41 73 41 72 72 61 79 2c 47 65 74 50 61 72 61 6d 56 61 6c 75 65 46 72 6f 6d 55 72 6c 3a 61 2e 75 72 75 2e 47 65 74 50 61 72 61 6d 56 61 6c 75 65 46 72 6f 6d 55 72 6c 2c 63 68 65 63 6b 55 72 6c 44 65 63 6f 64 69 6e 67 45 6e 63 6f 64 69 6e 67 3a 61 2e 75 72 75 2e 63 68 65 63 6b 55 72 6c 44 65 63 6f 64 69 6e 67 45 6e 63 6f 64 69 6e 67 2c 65 76 65 6e 74 4c 69 62 3a 61 2e 65 76 Data Ascii: all:g,getRandom:w,isPercentApp:function(e){return w(1,100)<=parseInt(e,10)},getParamValueFromUrlAsArray:a.uru.getParamValueFromUrlAsArray,GetParamValueFromUrl:a.uru.GetParamValueFromUrl,checkUrlDecodingEncoding:a.uru.checkUrlDecodingEncoding,eventLib:a.ev
2021-12-02 23:42:35 UTC	505	IN	Data Raw: 26 26 28 69 2b 3d 5b 22 26 22 2c 22 76 67 64 5f 22 2b 74 2c 22 3d 22 2c 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 63 5b 74 5d 29 5d 2e 6a 6f 69 6e 28 22 22 29 29 3b 72 65 74 75 72 6e 20 69 7d 28 29 2c 67 3d 6f 2e 5f 6d 4e 2e 5f 68 74 68 43 68 6b 55 52 4c 2b 72 3b 69 66 28 5f 6d 4e 2e 5f 74 72 75 6e 4c 6f 67 55 72 6c 26 26 28 67 3d 73 2e 74 72 75 6e 63 61 74 65 55 72 6c 28 67 2c 5f 6d 4e 2e 5f 74 72 75 6e 4c 6f 67 55 72 6c 29 29 2c 65 3d 69 2c 21 73 2e 63 68 65 63 6b 49 74 65 6d 45 78 69 73 74 73 28 6f 2e 5f 6d 4e 2e 5f 4c 31 50 67 45 78 2c 65 2e 67 65 74 45 6e 74 69 74 79 28 22 63 72 69 64 22 29 29 26 26 21 73 2e 63 68 65 63 6b 49 74 65 6d 45 78 69 73 74 73 28 6f 2e 5f 6d 4e 2e 5f 4c 31 50 67 45 78 2c 65 2e 67 65 74 45 6e 74 69 74 79 28 22 Data Ascii: &&(i+=["&","vgd_"+t,"=",encodeURIComponent(c[t])].join(""));return i}(),g=o._mN._hthChkURL+r;if(_mN._trunLogUrl&&(g=s.truncateUrl(g,_mN._trunLogUrl)),e=i,!s.checkItemExists(o._mN._L1PgEx,e.getEntity("crid"))&&!s.checkItemExists(o._mN._L1PgEx,e.getEntity("
2021-12-02 23:42:35 UTC	545	IN	Data Raw: 2e 67 65 74 49 74 65 6d 73 46 72 6f 6d 4d 61 63 72 6f 73 28 22 61 64 74 32 22 29 29 2c 4d 28 22 62 63 61 74 22 2c 43 28 5f 65 2e 5f 62 64 61 74 61 2c 22 62 63 61 74 22 29 29 2c 4d 28 22 77 65 62 5f 76 69 65 77 22 2c 7b 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 3b 69 66 28 45 65 2e 63 68 65 63 6b 49 74 65 6d 45 78 69 73 74 73 28 65 2c 22 77 76 29 22 29 7c 7c 45 65 2e 63 68 65 63 6b 49 74 65 6d 45 78 69 73 74 73 28 65 2c 22 41 6e 64 72 6f 69 64 20 34 2e 22 29 26 26 45 65 2e 63 68 65 63 6b 49 74 65 6d 45 78 69 73 74 73 28 65 2c 22 56 65 72 73 69 6f 6e 2f 22 29 29 72 65 74 75 72 6e 22 41 4e 44 52 4f 49 44 5f 57 45 42 56 49 45 57 22 3b 69 66 28 2f 69 50 68 6f 6e 65 7c 69 50 61 Data Ascii: .getItemsFromMacros("adt2")),M("bcat",C(_e._bdata,"bcat")),M("web_view",{value:function(){var e=navigator.userAgent;if(Ee.checkItemExists(e,"wv)")\|\|Ee.checkItemExists(e,"Android 4.")&&Ee.checkItemExists(e,"Version/"))return"ANDROID_WEBVIEW";if(/iPhone\|iPa
2021-12-02 23:42:35 UTC	553	IN	Data Raw: 68 65 63 6b 49 74 65 6d 45 78 69 73 74 73 49 6e 41 72 72 61 79 28 65 2c 22 72 65 6d 51 75 6f 74 65 22 29 26 26 28 74 3d 74 2e 72 65 70 6c 61 63 65 28 22 27 22 2c 22 22 29 29 2c 45 65 2e 63 68 65 63 6b 49 74 65 6d 45 78 69 73 74 73 49 6e 41 72 72 61 79 28 65 2c 22 72 65 6d 6f 76 65 41 6c 6c 22 29 26 26 28 74 3d 22 22 29 2c 74 29 29 2c 6b 65 28 46 28 22 63 72 65 66 22 29 29 26 26 72 65 28 22 63 72 65 66 22 2c 43 65 28 46 28 22 63 72 65 66 22 29 29 29 2c 6b 65 28 46 28 22 77 65 62 5f 76 69 65 77 22 29 29 26 26 72 65 28 22 77 65 62 5f 76 69 65 77 22 2c 46 28 22 77 65 62 5f 76 69 65 77 22 29 29 2c 22 54 42 35 35 4a 35 52 22 3d 3d 3d 5f 65 2e 5f 74 70 69 64 26 26 44 28 22 6b 77 72 66 22 2c 46 28 22 65 72 65 71 75 72 6c 22 29 2c 21 30 29 2c 21 6b 65 28 5f 65 2e Data Ascii: heckItemExistsInArray(e,"remQuote")&&(t=t.replace("'","")),Ee.checkItemExistsInArray(e,"removeAll")&&(t=""),t)),ke(F("cref"))&&re("cref",Ce(F("cref"))),ke(F("web_view"))&&re("web_view",F("web_view")),"TB55J5R"===_e._tpid&&D("kwrf",F("erequrl"),!0),!ke(_e.
2021-12-02 23:42:35 UTC	569	IN	Data Raw: 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 7d 3b 72 65 74 75 72 6e 20 65 5b 73 5d 3d 61 2e 69 73 41 70 70 6c 69 63 61 62 6c 65 28 29 3f 22 31 22 3a 22 30 22 2c 65 7d 2c 74 68 69 73 2e 67 65 74 4c 44 50 46 6c 61 67 46 6f 72 48 42 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 74 68 69 73 2e 67 65 74 4d 61 63 72 6f 73 46 6f 72 48 42 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 7d 3b 72 65 74 75 72 6e 20 65 2e 67 64 3d 61 2e 69 73 41 70 70 6c 69 63 61 62 6c 65 28 29 2c 65 7d 2c 74 68 69 73 2e 63 61 6c 6c 48 42 41 70 69 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 7d 2c 74 3d 66 2e 67 65 74 52 65 71 75 69 72 65 4d 6f 64 75 6c 65 28 22 61 64 61 70 74 65 72 2d 63 6f 6e 73 74 61 6e 74 73 22 29 3b 72 65 74 75 72 6e 20 66 2e 69 73 53 65 74 28 Data Ascii: tion(){var e={};return e[s]=a.isApplicable()?"1":"0",e},this.getLDPFlagForHB=function(){},this.getMacrosForHB=function(){var e={};return e.gd=a.isApplicable(),e},this.callHBApis=function(){var e={},t=f.getRequireModule("adapter-constants");return f.isSet(
2021-12-02 23:42:35 UTC	593	IN	Data Raw: 22 29 7d 2c 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6d 65 73 73 61 67 65 22 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 74 3d 7b 7d 3b 74 72 79 7b 74 3d 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 6e 2e 64 61 74 61 3f 4a 53 4f 4e 2e 70 61 72 73 65 28 6e 2e 64 61 74 61 29 3a 6e 2e 64 61 74 61 7d 63 61 74 63 68 28 6e 29 7b 7d 76 61 72 20 69 3d 74 2e 5f 5f 74 63 66 61 70 69 52 65 74 75 72 6e 3b 69 26 26 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 63 5b 69 2e 63 61 6c 6c 49 64 5d 26 26 63 5b 69 2e 63 61 6c 6c 49 64 5d 28 69 2e 72 65 74 75 72 6e 56 61 6c 75 65 2c 69 2e 73 75 63 63 65 73 73 29 7d 2c 21 31 29 7d 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 Data Ascii: ")},window.addEventListener("message",function(n){var t={};try{t="string"==typeof n.data?JSON.parse(n.data):n.data}catch(n){}var i=t.__tcfapiReturn;i&&"function"==typeof c[i.callId]&&c[i.callId](i.returnValue,i.success)},!1)}!function(){var n=function(){f
2021-12-02 23:42:35 UTC	617	IN	Data Raw: 2c 69 2e 64 61 74 61 2c 6f 2c 72 2e 67 65 74 56 69 73 69 74 49 64 28 29 29 7d 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 69 2e 73 68 6f 75 6c 64 4f 76 65 72 72 69 64 65 4c 6f 67 46 75 6e 63 74 69 6f 6e 3f 69 2e 73 68 6f 75 6c 64 4f 76 65 72 72 69 64 65 4c 6f 67 46 75 6e 63 74 69 6f 6e 3a 22 69 66 72 22 3d 3d 6e 3f 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 28 74 3d 67 28 74 3d 72 29 29 2e 76 67 64 5f 69 66 69 6d 70 3d 31 2c 74 3b 76 61 72 20 74 7d 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 67 28 72 29 7d 2c 63 2e 74 72 69 67 67 65 72 41 64 54 61 67 45 76 65 6e 74 28 72 2e 67 65 74 45 6e 74 69 74 79 28 22 76 69 22 29 2c 22 56 49 4d 50 3a 3a 69 6e 69 74 4f 62 73 65 72 76 65 72 22 2c 21 30 2c 7b 74 61 72 67 65 74 45 6c Data Ascii: ,i.data,o,r.getVisitId())}:"function"==typeof i.shouldOverrideLogFunction?i.shouldOverrideLogFunction:"ifr"==n?function(){return(t=g(t=r)).vgd_ifimp=1,t;var t}:function(){return g(r)},c.triggerAdTagEvent(r.getEntity("vi"),"VIMP::initObserver",!0,{targetEl
2021-12-02 23:42:35 UTC	625	IN	Data Raw: 2e 41 44 56 42 49 44 5f 4f 42 4a 45 43 54 5d 5b 61 2e 41 50 49 35 5f 47 45 54 5f 41 44 58 5f 50 52 45 44 49 43 54 49 4f 4e 5d 29 26 26 28 6e 3d 73 5b 61 2e 41 44 56 42 49 44 5f 4f 42 4a 45 43 54 5d 5b 61 2e 41 50 49 35 5f 47 45 54 5f 41 44 58 5f 50 52 45 44 49 43 54 49 4f 4e 5d 28 41 2e 67 65 74 48 42 43 72 65 61 74 69 76 65 49 64 28 74 29 2c 69 2c 65 2c 49 5b 74 5d 29 29 2c 65 3d 6e 2c 63 2e 69 73 53 65 74 28 65 29 26 26 63 2e 69 73 53 65 74 28 65 5b 75 2e 42 49 44 5d 29 26 26 63 2e 69 73 46 75 6e 63 74 69 6f 6e 28 65 5b 75 2e 52 45 50 4f 52 54 5f 57 49 4e 5f 4f 52 5f 4c 4f 53 53 5f 43 41 4c 4c 42 41 43 4b 5d 29 3f 28 5f 28 5b 22 47 6f 74 20 48 62 2d 41 64 78 20 42 69 64 20 50 72 65 64 69 63 74 69 6f 6e 20 73 75 63 63 65 73 73 66 75 6c 6c 79 20 77 69 74 Data Ascii: .ADVBID_OBJECT][a.API5_GET_ADX_PREDICTION])&&(n=s[a.ADVBID_OBJECT][a.API5_GET_ADX_PREDICTION](A.getHBCreativeId(t),i,e,I[t])),e=n,c.isSet(e)&&c.isSet(e[u.BID])&&c.isFunction(e[u.REPORT_WIN_OR_LOSS_CALLBACK])?(_(["Got Hb-Adx Bid Prediction successfully wit
2021-12-02 23:42:35 UTC	641	IN	Data Raw: 59 21 42 20 61 73 73 75 6d 65 64 20 77 69 6e 6e 65 72 20 66 6f 72 20 72 65 61 73 6f 6e 3a 20 22 2b 65 2b 22 20 61 6e 64 20 62 69 64 64 65 72 20 69 64 3a 20 22 2b 69 2c 6e 2e 63 72 69 64 29 2c 74 5b 6b 2e 50 52 4f 56 49 44 45 52 5f 49 44 5d 3d 69 2c 74 5b 6b 2e 53 49 5a 45 5d 3d 6f 5b 57 2e 52 54 42 5f 53 49 5a 45 5d 3b 69 3d 6f 2e 72 70 3b 72 65 74 75 72 6e 20 65 21 3d 5a 2e 45 4d 50 54 59 5f 42 49 44 26 26 65 21 3d 5a 2e 4e 4f 5f 42 49 44 7c 7c 28 69 3d 22 30 2e 30 30 22 29 2c 74 5b 6b 2e 42 49 44 5d 3d 69 2c 74 5b 6b 2e 47 4f 4f 47 4c 45 5f 42 49 44 5d 3d 69 2c 74 5b 6b 2e 4e 4f 42 49 44 5f 52 45 41 53 4f 4e 5d 3d 65 2c 74 7d 66 75 6e 63 74 69 6f 6e 20 76 28 74 29 7b 76 61 72 20 65 2c 69 2c 64 3b 72 65 74 75 72 6e 21 30 3d 3d 3d 74 5b 6b 2e 4e 4f 42 49 Data Ascii: Y!B assumed winner for reason: "+e+" and bidder id: "+i,n.crid),t[k.PROVIDER_ID]=i,t[k.SIZE]=o[W.RTB_SIZE];i=o.rp;return e!=Z.EMPTY_BID&&e!=Z.NO_BID\|\|(i="0.00"),t[k.BID]=i,t[k.GOOGLE_BID]=i,t[k.NOBID_REASON]=e,t}function v(t){var e,i,d;return!0===t[k.NOBI
2021-12-02 23:42:35 UTC	665	IN	Data Raw: 61 72 20 65 3d 22 22 2c 72 3d 74 2e 67 65 74 45 6e 74 69 74 79 28 22 72 65 71 75 72 6c 22 2c 21 30 29 2c 65 3d 63 2e 69 73 49 6e 49 46 72 61 6d 65 43 61 6c 6c 28 29 26 26 21 63 2e 69 73 50 61 72 65 6e 74 41 63 63 65 73 73 69 62 6c 65 28 29 3f 72 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 20 74 3d 63 2e 67 65 74 54 6f 70 6d 6f 73 74 41 63 63 65 73 73 69 62 6c 65 57 69 6e 64 6f 77 28 29 7c 7c 21 31 2c 65 3d 74 26 26 74 2e 70 65 72 66 6f 72 6d 61 6e 63 65 26 26 74 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 67 65 74 45 6e 74 72 69 65 73 28 29 2c 72 3d 65 26 26 65 2e 6c 65 6e 67 74 68 3f 65 5b 30 5d 2e 6e 61 6d 65 3a 76 6f 69 64 20 30 7d 63 61 74 63 68 28 74 29 7b 72 65 74 75 72 6e 22 22 7d 72 65 74 75 72 6e 20 63 2e 69 73 53 74 72 69 6e 67 53 65 74 Data Ascii: ar e="",r=t.getEntity("requrl",!0),e=c.isInIFrameCall()&&!c.isParentAccessible()?r:function(){try{var t=c.getTopmostAccessibleWindow()\|\|!1,e=t&&t.performance&&t.performance.getEntries(),r=e&&e.length?e[0].name:void 0}catch(t){return""}return c.isStringSet
2021-12-02 23:42:35 UTC	689	IN	Data Raw: 6e 74 69 74 79 28 22 6e 6d 6f 76 6c 22 29 7c 7c 74 2e 67 65 74 45 6e 74 69 74 79 28 22 69 6e 73 6c 22 29 29 7d 66 75 6e 63 74 69 6f 6e 20 6d 28 74 2c 72 2c 73 29 7b 76 61 72 20 6f 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 2c 69 2c 6e 3b 6f 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 65 3d 74 2c 69 3d 72 2c 6e 3d 73 2c 6c 2e 61 64 64 54 6f 44 65 6c 61 79 65 64 45 76 65 6e 74 51 75 65 75 65 28 22 63 61 6c 6c 73 65 74 74 69 6e 67 73 22 2c 6e 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3b 31 21 3d 3d 65 2e 67 65 74 45 6e 74 69 74 79 28 22 65 78 74 65 72 6e 61 6c 50 72 6f 76 53 68 6f 77 6e 22 29 26 26 28 79 28 65 29 3f 28 65 2e 61 64 64 45 6e 74 69 74 79 28 22 68 74 6d 6c 73 72 63 22 2c 22 31 22 29 2c 74 3d 75 28 65 2c 69 2c 21 30 29 2c 61 2e 72 Data Ascii: ntity("nmovl")\|\|t.getEntity("insl"))}function m(t,r,s){var o=function(){var e,i,n;o=function(){},e=t,i=r,n=s,l.addToDelayedEventQueue("callsettings",n,function(){var t;1!==e.getEntity("externalProvShown")&&(y(e)?(e.addEntity("htmlsrc","1"),t=u(e,i,!0),a.r

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.6	49787	23.211.6.95	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-02 23:42:35 UTC	0	OUT	GET /medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1 HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Referer: https://www.msn.com/de-ch/?ocid=iehp Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: contextual.media.net If-None-Match: "e68781cdaae1574dce2fccfea5cb29e3" Connection: Keep-Alive
2021-12-02 23:42:35 UTC	17	IN	HTTP/1.1 200 OK Server: Apache Content-Length: 412168 Content-Type: text/html;charset=UTF-8 x-mnt-h: 10-4 X-MNT-W: 8-34 ETag: "db541272bc5fe3e5b08680b778805039" Strict-Transport-Security: max-age=604800 x-mnet-hli: E Cache-Control: max-age=300 Expires: Thu, 02 Dec 2021 23:47:35 GMT Date: Thu, 02 Dec 2021 23:42:35 GMT Connection: close
2021-12-02 23:42:35 UTC	17	IN	Data Raw: 20 20 20 20 Data Ascii:
2021-12-02 23:42:35 UTC	17	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 20 30 70 78 3b 20 70 61 64 64 69 6e 67 3a 20 30 70 78 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 3e 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 77 69 6e 64 6f 77 2e 6d 6e 6a 73 3d 77 69 6e 64 6f 77 2e 6d 6e 6a 73 7c 7c 7b 7d 2c 77 69 6e 64 6f 77 2e 6d 6e 6a 73 2e 45 52 50 3d 77 69 6e 64 6f 77 2e 6d 6e 6a 73 2e 45 52 50 7c 7c 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 6f 72 28 76 61 72 20 6c 3d 22 22 2c Data Ascii: <html><head></head><body style="margin: 0px; padding: 0px; background-color: transparent;"><script language="javascript" type="text/javascript">window.mnjs=window.mnjs\|\|{},window.mnjs.ERP=window.mnjs.ERP\|\|function(){"use strict";for(var l="",
2021-12-02 23:42:35 UTC	57	IN	Data Raw: 43 54 45 54 22 2c 22 41 50 50 4c 59 5f 47 4f 4f 47 4c 45 5f 52 45 53 54 52 49 43 54 49 4f 4e 22 2c 22 53 54 4f 50 5f 53 50 41 4d 22 2c 22 53 54 4f 50 5f 57 48 49 54 45 4f 50 53 22 5d 2c 53 39 39 3a 5b 5d 7d 2c 64 66 63 6e 73 74 3a 22 31 4e 59 2d 22 2c 70 73 70 3a 21 30 7d 2c 74 63 66 63 6f 6e 66 69 67 3a 7b 70 61 6d 3a 7b 31 3a 7b 74 70 3a 22 43 22 2c 61 63 74 3a 5b 22 44 49 53 41 42 4c 45 5f 43 4f 4f 4b 49 45 53 59 4e 43 22 2c 22 53 54 4f 50 5f 57 48 49 54 45 4f 50 53 22 2c 22 53 54 4f 50 5f 53 50 41 4d 22 5d 7d 2c 32 3a 7b 74 70 3a 22 46 22 2c 61 63 74 3a 5b 22 44 49 53 41 42 4c 45 5f 41 44 53 22 2c 22 53 54 4f 50 5f 4c 4f 47 47 49 4e 47 5f 56 49 53 49 54 4f 52 5f 49 44 22 2c 22 54 52 49 4d 5f 4c 41 53 54 5f 4f 43 54 45 54 22 5d 7d 2c 33 3a 7b 74 70 3a Data Ascii: CTET","APPLY_GOOGLE_RESTRICTION","STOP_SPAM","STOP_WHITEOPS"],S99:[]},dfcnst:"1NY-",psp:!0},tcfconfig:{pam:{1:{tp:"C",act:["DISABLE_COOKIESYNC","STOP_WHITEOPS","STOP_SPAM"]},2:{tp:"F",act:["DISABLE_ADS","STOP_LOGGING_VISITOR_ID","TRIM_LAST_OCTET"]},3:{tp:
2021-12-02 23:42:35 UTC	73	IN	Data Raw: 63 72 6f 6c 6c 48 65 69 67 68 74 2c 74 2e 6f 66 66 73 65 74 48 65 69 67 68 74 2c 65 2e 63 6c 69 65 6e 74 48 65 69 67 68 74 2c 65 2e 73 63 72 6f 6c 6c 48 65 69 67 68 74 2c 65 2e 6f 66 66 73 65 74 48 65 69 67 68 74 29 7d 63 61 74 63 68 28 72 29 7b 72 65 74 75 72 6e 20 30 7d 7d 66 75 6e 63 74 69 6f 6e 20 68 28 74 29 7b 74 72 79 7b 74 2e 66 72 61 6d 65 45 6c 65 6d 65 6e 74 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 21 30 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 76 28 74 2c 65 29 7b 72 65 74 75 72 6e 21 21 4f 28 74 29 26 26 28 4f 28 65 29 26 26 74 2e 69 6e 64 65 78 4f 66 28 65 29 21 3d 3d 2d 31 29 7d 66 75 6e 63 74 69 6f 6e 20 6d 28 74 2c 65 29 7b 72 65 74 75 72 6e 21 21 4d 28 74 29 26 26 28 49 74 28 74 2c 66 75 6e 63 74 69 6f 6e 28 74 29 Data Ascii: crollHeight,t.offsetHeight,e.clientHeight,e.scrollHeight,e.offsetHeight)}catch(r){return 0}}function h(t){try{t.frameElement}catch(e){return!0}return!1}function v(t,e){return!!O(t)&&(O(e)&&t.indexOf(e)!==-1)}function m(t,e){return!!M(t)&&(It(t,function(t)
2021-12-02 23:42:35 UTC	89	IN	Data Raw: 6b 69 65 3b 72 65 74 75 72 6e 21 30 7d 63 61 74 63 68 28 74 29 7b 72 65 74 75 72 6e 21 31 7d 7d 66 75 6e 63 74 69 6f 6e 20 75 65 28 74 29 7b 69 66 28 21 61 65 28 29 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 76 61 72 20 65 3d 72 2e 63 6f 6f 6b 69 65 2e 69 6e 64 65 78 4f 66 28 74 2b 22 3d 22 29 2c 6e 3d 65 2b 74 2e 6c 65 6e 67 74 68 2b 31 3b 69 66 28 21 65 26 26 74 21 3d 3d 72 2e 63 6f 6f 6b 69 65 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 74 2e 6c 65 6e 67 74 68 29 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 69 66 28 65 3d 3d 3d 2d 31 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 76 61 72 20 69 3d 72 2e 63 6f 6f 6b 69 65 2e 69 6e 64 65 78 4f 66 28 22 3b 22 2c 6e 29 3b 72 65 74 75 72 6e 20 69 3d 3d 3d 2d 31 26 26 28 69 3d 72 2e 63 6f 6f 6b 69 65 2e 6c 65 6e 67 74 68 29 2c 75 Data Ascii: kie;return!0}catch(t){return!1}}function ue(t){if(!ae())return null;var e=r.cookie.indexOf(t+"="),n=e+t.length+1;if(!e&&t!==r.cookie.substring(0,t.length))return null;if(e===-1)return null;var i=r.cookie.indexOf(";",n);return i===-1&&(i=r.cookie.length),u
2021-12-02 23:42:35 UTC	137	IN	Data Raw: 7b 72 2e 51 65 28 65 29 7c 7c 28 65 3d 5b 65 5d 29 2c 74 3d 6f 28 74 29 2c 6e 3d 6e 7c 7c 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 72 2e 61 28 65 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 72 3d 61 2e 48 28 65 2c 74 2c 6e 29 3b 73 77 69 74 63 68 28 74 2e 74 79 70 65 29 7b 63 61 73 65 22 69 6d 67 22 3a 73 28 65 2c 72 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 73 63 72 69 70 74 22 3a 69 28 65 2c 74 2c 72 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 78 68 72 22 3a 75 28 65 2c 74 2c 72 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 73 62 22 3a 66 28 65 2c 74 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 69 66 53 63 72 22 3a 64 28 65 2c 74 2c 72 29 7d 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 69 28 74 2c 6e 2c 61 29 7b 6e 2e 66 6f 72 63 65 50 72 6f 74 6f 63 6f 6c 3d 3d 3d 21 30 26 26 Data Ascii: {r.Qe(e)\|\|(e=[e]),t=o(t),n=n\|\|function(){},r.a(e,function(e){var r=a.H(e,t,n);switch(t.type){case"img":s(e,r);break;case"script":i(e,t,r);break;case"xhr":u(e,t,r);break;case"sb":f(e,t);break;case"ifScr":d(e,t,r)}})}function i(t,n,a){n.forceProtocol===!0&&
2021-12-02 23:42:35 UTC	161	IN	Data Raw: 5b 72 5d 29 26 26 28 63 2e 72 65 73 75 6c 74 5b 72 5d 3d 22 50 4f 53 54 22 29 7d 72 65 74 75 72 6e 20 63 2e 72 65 73 75 6c 74 5b 72 5d 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 72 29 7b 69 66 28 22 50 4f 53 54 22 3d 3d 3d 65 29 72 65 74 75 72 6e 20 6f 2e 6c 6f 67 55 72 6c 73 2e 70 6f 67 3b 76 61 72 20 6e 3d 75 28 72 29 3b 72 65 74 75 72 6e 22 6f 72 22 3d 3d 3d 6e 3f 6f 2e 6c 6f 67 55 72 6c 73 2e 6f 67 6f 72 65 67 6f 6e 3a 6f 2e 6c 6f 67 55 72 6c 73 2e 6f 67 7d 66 75 6e 63 74 69 6f 6e 20 61 28 29 7b 72 65 74 75 72 6e 20 6f 2e 6c 6f 67 55 72 6c 73 2e 70 6e 7d 66 75 6e 63 74 69 6f 6e 20 64 28 65 2c 6f 29 7b 72 65 74 75 72 6e 20 66 28 65 2c 6f 29 2b 61 28 29 7d 66 75 6e 63 74 69 6f 6e 20 70 28 29 7b 72 65 74 75 72 6e 20 6f 2e 6c 6f 67 55 72 6c 73 2e 63 72 6c Data Ascii: [r])&&(c.result[r]="POST")}return c.result[r]}function f(e,r){if("POST"===e)return o.logUrls.pog;var n=u(r);return"or"===n?o.logUrls.ogoregon:o.logUrls.og}function a(){return o.logUrls.pn}function d(e,o){return f(e,o)+a()}function p(){return o.logUrls.crl
2021-12-02 23:42:35 UTC	185	IN	Data Raw: 30 7d 66 75 6e 63 74 69 6f 6e 20 4a 6e 28 29 7b 72 65 74 75 72 6e 20 74 2e 5a 54 28 68 75 29 26 26 74 2e 5a 54 28 46 75 29 26 26 21 74 2e 56 6d 28 45 75 2e 52 45 46 45 52 52 45 52 29 26 26 28 45 75 2e 52 45 46 45 52 52 45 52 3d 46 75 2e 67 65 74 43 6c 65 61 6e 52 65 66 65 72 72 65 72 55 72 6c 28 68 75 2e 67 65 74 52 65 66 65 72 72 65 72 55 72 6c 43 6f 6e 76 65 6e 74 69 6f 6e 61 6c 57 61 79 28 29 29 2c 74 2e 56 47 28 45 75 2e 52 45 46 45 52 52 45 52 29 3d 3d 3d 21 30 26 26 28 45 75 2e 52 45 46 45 52 52 45 52 3d 74 2e 59 28 45 75 2e 52 45 46 45 52 52 45 52 29 29 2c 7a 6e 28 29 3d 3d 3d 45 75 2e 52 45 46 45 52 52 45 52 26 26 28 45 75 2e 52 45 46 45 52 52 45 52 3d 22 22 29 29 2c 45 75 2e 52 45 46 45 52 52 45 52 7c 7c 22 22 7d 66 75 6e 63 74 69 6f 6e 20 51 6e Data Ascii: 0}function Jn(){return t.ZT(hu)&&t.ZT(Fu)&&!t.Vm(Eu.REFERRER)&&(Eu.REFERRER=Fu.getCleanReferrerUrl(hu.getReferrerUrlConventionalWay()),t.VG(Eu.REFERRER)===!0&&(Eu.REFERRER=t.Y(Eu.REFERRER)),zn()===Eu.REFERRER&&(Eu.REFERRER="")),Eu.REFERRER\|\|""}function Qn
2021-12-02 23:42:35 UTC	209	IN	Data Raw: 6e 20 6e 3d 74 2c 74 68 69 73 7d 2c 74 68 69 73 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 72 29 7b 72 65 74 75 72 6e 20 6e 5b 74 5d 3d 72 2c 74 68 69 73 7d 2c 74 68 69 73 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 6e 5b 74 5d 7d 2c 74 68 69 73 2e 67 65 74 42 79 50 61 74 68 3d 66 75 6e 63 74 69 6f 6e 28 72 29 7b 72 65 74 75 72 6e 20 74 2e 75 28 6e 2c 72 29 7d 2c 74 68 69 73 2e 73 65 72 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 2e 6b 28 7b 7d 2c 6e 29 7d 2c 74 68 69 73 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 6e 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 74 29 7d 7d 72 65 74 75 72 6e 20 6e 7d 29 3b 5f 63 44 28 22 62 69 Data Ascii: n n=t,this},this.set=function(t,r){return n[t]=r,this},this.get=function(t){return n[t]},this.getByPath=function(r){return t.u(n,r)},this.serialize=function(){return t.k({},n)},this.hasOwnProperty=function(t){return n.hasOwnProperty(t)}}return n});_cD("bi
2021-12-02 23:42:35 UTC	233	IN	Data Raw: 74 63 68 65 72 2e 61 70 70 65 6e 64 28 74 2c 74 68 69 73 2e 4c 4f 47 5f 54 59 50 45 29 7d 2c 74 68 69 73 2e 72 65 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 65 2e 64 69 73 70 61 74 63 68 65 72 2e 66 69 72 65 28 29 7d 2c 74 2e 6c 28 22 61 6c 6c 3a 72 65 73 65 74 22 2c 22 63 6f 6d 6d 61 6e 64 22 2c 69 29 7d 72 65 74 75 72 6e 20 73 7d 29 3b 5f 63 44 28 22 6c 6f 67 64 69 73 70 61 74 63 68 73 65 72 76 69 63 65 22 2c 5b 22 5f 22 2c 22 65 6d 22 2c 22 6c 6f 67 73 65 6c 66 64 69 73 70 61 74 63 68 65 72 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 72 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 72 65 74 75 72 6e 20 72 2e 69 73 48 65 74 65 72 6f 67 65 6e 65 6f 75 73 4c 6f 67 67 69 6e 67 45 6e 61 62 6c 65 64 28 65 29 3f Data Ascii: tcher.append(t,this.LOG_TYPE)},this.reset=function(){e.dispatcher.fire()},t.l("all:reset","command",i)}return s});_cD("logdispatchservice",["_","em","logselfdispatcher"],function(e,r,n){"use strict";function t(e){return r.isHeterogeneousLoggingEnabled(e)?
2021-12-02 23:42:35 UTC	257	IN	Data Raw: 75 6e 63 74 69 6f 6e 20 74 28 65 2c 74 29 7b 72 65 74 75 72 6e 22 39 39 22 21 3d 3d 74 2e 62 72 49 64 26 26 22 31 30 31 22 21 3d 3d 74 2e 62 72 49 64 7c 7c 65 2e 73 65 74 28 22 6f 67 62 64 70 22 2c 22 30 22 29 2e 73 65 74 28 22 62 64 70 22 2c 22 30 22 29 2e 73 65 74 28 22 63 62 64 70 22 2c 22 30 22 29 2e 73 65 74 28 22 64 66 70 42 64 22 2c 22 30 22 29 2c 65 7d 66 75 6e 63 74 69 6f 6e 20 73 28 65 2c 74 2c 73 2c 69 29 7b 76 61 72 20 64 3d 74 2e 63 72 69 64 2c 61 3d 74 2e 61 63 69 64 2c 63 3d 74 2e 73 62 64 72 69 64 7c 7c 72 2e 53 79 28 64 2c 61 29 7c 7c 22 22 2c 6d 3d 74 2e 69 73 6e 61 74 3f 70 2e 67 65 74 54 65 6d 70 6c 61 74 65 4b 65 79 46 6f 72 4e 61 74 69 76 65 53 6c 6f 74 28 64 29 3a 22 22 3b 72 65 74 75 72 6e 20 6f 2e 73 65 74 43 6f 6d 6d 6f 6e 50 72 Data Ascii: unction t(e,t){return"99"!==t.brId&&"101"!==t.brId\|\|e.set("ogbdp","0").set("bdp","0").set("cbdp","0").set("dfpBd","0"),e}function s(e,t,s,i){var d=t.crid,a=t.acid,c=t.sbdrid\|\|r.Sy(d,a)\|\|"",m=t.isnat?p.getTemplateKeyForNativeSlot(d):"";return o.setCommonPr
2021-12-02 23:42:35 UTC	305	IN	Data Raw: 64 65 6c 3b 64 2e 73 65 74 28 22 6e 61 6d 65 22 2c 74 2e 6e 61 6d 65 7c 7c 22 55 4e 4b 4e 4f 57 4e 22 29 2e 73 65 74 28 22 73 74 61 63 6b 22 2c 74 2e 6d 65 73 73 61 67 65 7c 7c 22 4e 4f 4e 45 22 29 2e 73 65 74 28 22 63 72 69 64 22 2c 74 2e 63 72 69 64 7c 7c 22 22 29 2e 73 65 74 28 22 64 66 70 44 69 76 22 2c 74 2e 73 6c 6f 74 49 64 7c 7c 22 22 29 2e 73 65 74 28 22 70 76 69 64 22 2c 74 2e 70 76 69 64 7c 7c 22 22 29 2e 73 65 74 28 22 64 66 70 42 64 22 2c 74 2e 64 66 70 62 64 7c 7c 22 22 29 2e 73 65 74 28 22 6c 69 64 22 2c 74 2e 6c 69 7c 7c 22 22 29 2e 73 65 74 28 22 74 72 65 66 22 2c 74 2e 72 63 74 72 3e 30 29 2e 73 65 74 28 22 72 66 63 22 2c 74 2e 72 63 74 72 29 2e 73 65 74 28 22 63 70 72 22 2c 31 65 33 2a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 29 2e 73 65 Data Ascii: del;d.set("name",t.name\|\|"UNKNOWN").set("stack",t.message\|\|"NONE").set("crid",t.crid\|\|"").set("dfpDiv",t.slotId\|\|"").set("pvid",t.pvid\|\|"").set("dfpBd",t.dfpbd\|\|"").set("lid",t.li\|\|"").set("tref",t.rctr>0).set("rfc",t.rctr).set("cpr",1e3*Math.random()).se
2021-12-02 23:42:35 UTC	329	IN	Data Raw: 7b 7d 2c 6f 74 3d 7b 7d 2c 61 74 3d 7b 7d 2c 75 74 3d 5b 5d 2c 73 74 3d 7b 7d 2c 63 74 3d 7b 7d 2c 70 74 3d 74 68 69 73 3b 74 68 69 73 2e 67 65 74 50 72 6f 76 69 64 65 72 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 75 74 7d 2c 74 68 69 73 2e 69 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 7d 2c 74 68 69 73 2e 67 65 74 52 65 71 75 65 73 74 43 6f 75 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 24 7d 2c 74 68 69 73 2e 73 65 74 4e 65 74 77 6f 72 6b 54 69 6d 65 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 73 74 3d 74 7d 2c 74 68 69 73 2e 61 64 64 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 24 2b 2b 2c 70 74 2e 61 74 74 61 63 68 4c 69 73 74 65 6e 65 72 73 28 6e 29 3b 76 61 72 20 72 3d 74 2e 67 65 74 28 73 2e 50 72 Data Ascii: {},ot={},at={},ut=[],st={},ct={},pt=this;this.getProviders=function(){return ut},this.id=function(){return n},this.getRequestCount=function(){return $},this.setNetworkTime=function(t){st=t},this.add=function(t,n){$++,pt.attachListeners(n);var r=t.get(s.Pr
2021-12-02 23:42:35 UTC	353	IN	Data Raw: 6c 6c 28 29 29 7d 66 75 6e 63 74 69 6f 6e 20 73 28 6e 29 7b 65 2e 5a 54 28 70 29 26 26 65 2e 5a 54 28 70 2e 67 65 74 41 6c 6c 28 29 29 26 26 6e 2e 70 61 72 73 65 28 70 2e 67 65 74 41 6c 6c 28 29 29 7d 66 75 6e 63 74 69 6f 6e 20 72 28 6e 29 7b 65 2e 5a 54 28 64 29 26 26 65 2e 5a 54 28 64 2e 67 65 74 41 6c 6c 28 29 29 26 26 6e 2e 70 61 72 73 65 28 64 2e 67 65 74 41 6c 6c 28 29 29 7d 66 75 6e 63 74 69 6f 6e 20 6f 28 6e 29 7b 65 2e 5a 54 28 66 29 26 26 6e 2e 70 61 72 73 65 28 66 29 7d 66 75 6e 63 74 69 6f 6e 20 61 28 65 29 7b 72 65 74 75 72 6e 20 74 28 65 29 2c 73 28 65 29 2c 72 28 65 29 2c 6f 28 65 29 2c 65 7d 66 75 6e 63 74 69 6f 6e 20 63 28 65 2c 6e 29 7b 76 61 72 20 74 3d 65 2e 67 65 74 50 72 6f 76 69 64 65 72 43 6f 6e 66 69 67 46 6f 72 53 6c 6f 74 28 29 Data Ascii: ll())}function s(n){e.ZT(p)&&e.ZT(p.getAll())&&n.parse(p.getAll())}function r(n){e.ZT(d)&&e.ZT(d.getAll())&&n.parse(d.getAll())}function o(n){e.ZT(f)&&n.parse(f)}function a(e){return t(e),s(e),r(e),o(e),e}function c(e,n){var t=e.getProviderConfigForSlot()
2021-12-02 23:42:35 UTC	377	IN	Data Raw: 6f 6d 43 6f 6f 6b 69 65 53 79 6e 63 29 26 26 21 73 2e 69 73 41 63 74 69 6f 6e 41 70 70 6c 69 63 61 62 6c 65 28 22 44 49 53 41 42 4c 45 5f 43 4f 4f 4b 49 45 53 59 4e 43 22 29 3f 6f 2e 64 6f 43 75 73 74 6f 6d 43 6f 6f 6b 69 65 53 79 6e 63 28 29 3a 74 2e 70 75 73 68 28 65 29 7d 29 2c 54 28 74 29 29 7d 66 75 6e 63 74 69 6f 6e 20 5a 28 29 7b 59 3d 21 30 3b 76 61 72 20 6e 3d 62 28 29 3b 46 28 6e 29 2c 68 28 6e 29 2c 79 28 29 7d 66 75 6e 63 74 69 6f 6e 20 79 28 29 7b 76 61 72 20 6e 3d 61 2e 67 65 74 45 78 70 69 72 79 4c 65 66 74 46 72 6f 6d 43 6f 6f 6b 69 65 28 29 2c 65 3d 61 2e 63 68 65 63 6b 46 6f 72 43 6f 6f 6b 69 65 44 65 6c 65 74 69 6f 6e 28 71 28 29 29 3b 28 6e 3c 3d 30 7c 7c 65 29 26 26 61 2e 64 65 6c 65 74 65 43 6f 6f 6b 69 65 28 29 2c 61 2e 64 65 6c 65 Data Ascii: omCookieSync)&&!s.isActionApplicable("DISABLE_COOKIESYNC")?o.doCustomCookieSync():t.push(e)}),T(t))}function Z(){Y=!0;var n=b();F(n),h(n),y()}function y(){var n=a.getExpiryLeftFromCookie(),e=a.checkForCookieDeletion(q());(n<=0\|\|e)&&a.deleteCookie(),a.dele
2021-12-02 23:42:35 UTC	401	IN	Data Raw: 7b 76 61 72 20 74 3d 61 2e 67 65 74 49 6e 66 6f 28 22 6c 73 22 29 3b 69 66 28 65 2e 5a 54 28 74 29 29 7b 76 61 72 20 72 3d 4a 53 4f 4e 2e 70 61 72 73 65 28 74 29 3b 72 65 74 75 72 6e 20 72 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 6e 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 76 28 29 7b 76 61 72 20 6e 3d 72 2e 6c 56 28 29 2c 74 3d 72 2e 67 63 28 29 26 26 21 72 2e 51 6e 28 29 3b 72 65 74 75 72 6e 21 28 65 2e 5a 54 28 6e 29 7c 7c 74 7c 7c 21 61 2e 4a 62 28 29 29 26 26 28 21 65 2e 69 28 4f 29 7c 7c 21 31 29 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 29 7b 72 65 74 75 72 6e 20 73 28 29 2c 43 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 6b 28 29 7b 76 61 72 20 6e 3d 28 6e 65 77 20 44 61 74 65 29 2e 67 Data Ascii: {var t=a.getInfo("ls");if(e.ZT(t)){var r=JSON.parse(t);return r.hasOwnProperty(n)}return!1}function v(){var n=r.lV(),t=r.gc()&&!r.Qn();return!(e.ZT(n)\|\|t\|\|!a.Jb())&&(!e.i(O)\|\|!1)}function p(e){return s(),C.hasOwnProperty(e)}function k(){var n=(new Date).g
2021-12-02 23:42:35 UTC	425	IN	Data Raw: 74 68 69 73 7d 2c 74 68 69 73 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 69 29 7b 72 65 74 75 72 6e 20 65 5b 74 5d 3d 69 2c 74 68 69 73 7d 2c 74 68 69 73 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 65 5b 74 5d 7d 2c 74 68 69 73 2e 70 72 6f 76 69 64 65 72 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 74 2e 5a 54 28 65 29 29 72 65 74 75 72 6e 20 69 2e 73 65 74 28 22 70 72 76 22 2c 65 29 2c 74 68 69 73 3b 76 61 72 20 72 3d 69 2e 67 65 74 28 22 70 72 76 22 29 3b 72 65 74 75 72 6e 20 72 2e 77 68 65 72 65 28 7b 7d 29 7d 2c 74 68 69 73 2e 69 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 69 2e 67 65 74 28 22 63 72 69 64 22 29 7d 2c 74 68 69 73 2e 63 6f 64 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e Data Ascii: this},this.set=function(t,i){return e[t]=i,this},this.get=function(t){return e[t]},this.providers=function(e){if(t.ZT(e))return i.set("prv",e),this;var r=i.get("prv");return r.where({})},this.id=function(){return i.get("crid")},this.code=function(){return
2021-12-02 23:42:35 UTC	449	IN	Data Raw: 69 6f 6e 28 74 2c 6e 2c 69 2c 72 2c 63 2c 6f 2c 73 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 61 28 29 7b 69 2e 63 61 6c 6c 28 74 68 69 73 29 2c 74 68 69 73 2e 69 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 67 65 74 28 22 62 67 69 64 22 29 7d 2c 74 68 69 73 2e 61 6c 69 61 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 67 65 74 28 22 62 67 61 6c 73 22 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 75 28 29 7b 63 2e 63 61 6c 6c 28 74 68 69 73 29 7d 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 76 61 72 20 69 3d 6e 2e 62 69 64 64 65 72 47 72 6f 75 70 73 7c 7c 7b 7d 3b 74 2e 61 28 69 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 2e 61 64 64 28 28 6e 65 77 20 61 29 2e 63 6f 6e 66 69 67 28 74 29 Data Ascii: ion(t,n,i,r,c,o,s){"use strict";function a(){i.call(this),this.id=function(){return this.get("bgid")},this.alias=function(){return this.get("bgals")}}function u(){c.call(this)}function e(){var i=n.bidderGroups\|\|{};t.a(i,function(t){f.add((new a).config(t)
2021-12-02 23:42:35 UTC	473	IN	Data Raw: 7c 7c 6e 75 6c 6c 7d 2c 74 68 69 73 2e 67 65 74 57 69 6e 6e 69 6e 67 42 69 64 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 69 29 7b 69 66 28 69 21 3d 3d 21 30 26 26 46 28 29 2c 30 3d 3d 3d 63 74 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 20 65 74 2e 69 73 57 69 6e 6e 65 72 44 65 63 3d 21 30 2c 65 3f 5b 6e 75 6c 6c 2c 6e 75 6c 6c 5d 3a 6e 75 6c 6c 3b 69 66 28 65 74 2e 69 73 57 69 6e 6e 65 72 44 65 63 29 72 65 74 75 72 6e 20 57 28 65 29 3b 69 66 28 53 28 29 2c 4d 28 29 2c 63 74 2e 6c 65 6e 67 74 68 3e 30 29 7b 76 61 72 20 6e 3d 63 74 5b 30 5d 3b 77 28 6e 29 26 26 28 6e 2e 73 65 74 28 22 69 77 62 22 2c 22 31 22 29 2c 65 74 2e 68 61 73 41 6e 79 57 69 6e 42 69 64 3d 21 30 29 7d 76 61 72 20 72 3d 57 28 65 29 2c 73 3d 74 2e 51 65 28 72 29 3f 72 5b 30 5d 3a 72 3b 72 65 74 Data Ascii: \|\|null},this.getWinningBid=function(e,i){if(i!==!0&&F(),0===ct.length)return et.isWinnerDec=!0,e?[null,null]:null;if(et.isWinnerDec)return W(e);if(S(),M(),ct.length>0){var n=ct[0];w(n)&&(n.set("iwb","1"),et.hasAnyWinBid=!0)}var r=W(e),s=t.Qe(r)?r[0]:r;ret
2021-12-02 23:42:35 UTC	521	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 6d 28 65 29 7b 69 66 28 77 69 6e 64 6f 77 2e 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 63 61 62 75 63 6b 22 29 29 7b 76 61 72 20 6e 3d 77 69 6e 64 6f 77 2e 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 63 61 62 75 63 6b 22 29 2c 72 3d 6e 65 77 20 44 61 74 65 28 77 69 6e 64 6f 77 2e 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 63 62 65 78 70 22 29 29 3b 72 65 74 75 72 6e 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 3e 72 2e 67 65 74 54 69 6d 65 28 29 3f 6e 75 6c 6c 3a 74 2e 57 28 65 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 65 29 3d 3d 3d 6e 29 72 65 74 75 72 6e 20 65 7d 29 7d 72 65 Data Ascii: function m(e){if(window.sessionStorage.getItem("cabuck")){var n=window.sessionStorage.getItem("cabuck"),r=new Date(window.sessionStorage.getItem("cbexp"));return(new Date).getTime()>r.getTime()?null:t.W(e,function(e){if(JSON.stringify(e)===n)return e})}re
2021-12-02 23:42:35 UTC	537	IN	Data Raw: 28 29 29 2c 6e 2e 70 75 73 68 28 75 29 7d 7d 2c 74 68 69 73 2e 67 65 74 42 75 69 6c 64 42 69 64 44 61 74 61 43 61 6c 6c 62 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 2e 48 28 69 2e 62 75 69 6c 64 42 69 64 44 61 74 61 2c 5b 69 2e 68 61 6e 64 6c 65 42 69 64 73 46 6f 72 41 75 63 74 69 6f 6e 5d 29 7d 2c 74 68 69 73 2e 62 75 69 6c 64 42 69 64 44 61 74 61 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 6f 72 28 76 61 72 20 64 3d 65 2e 41 5a 28 29 2c 61 3d 30 2c 73 3d 6e 2e 6c 65 6e 67 74 68 3b 61 3c 73 3b 61 2b 2b 29 7b 76 61 72 20 72 3d 6e 5b 61 5d 3b 74 28 69 2e 67 65 74 44 65 66 61 75 6c 74 42 69 64 46 6f 72 50 6c 61 63 65 6d 65 6e 74 28 72 2c 64 29 2c 72 2c 61 3d 3d 3d 6e 2e 6c 65 6e 67 74 68 2d 31 29 7d 6e 3d 5b 5d 7d 2c 74 68 69 73 2e Data Ascii: ()),n.push(u)}},this.getBuildBidDataCallback=function(){return e.H(i.buildBidData,[i.handleBidsForAuction])},this.buildBidData=function(t){for(var d=e.AZ(),a=0,s=n.length;a<s;a++){var r=n[a];t(i.getDefaultBidForPlacement(r,d),r,a===n.length-1)}n=[]},this.
2021-12-02 23:42:35 UTC	577	IN	Data Raw: 28 6f 29 7b 76 61 72 20 73 3d 6f 2e 67 65 74 28 22 73 7a 22 29 3b 65 2e 5a 54 28 73 29 26 26 28 72 2e 73 69 7a 65 73 2e 70 75 73 68 28 6f 2e 67 65 74 28 22 73 7a 22 29 29 2c 72 2e 65 70 63 2e 70 75 73 68 28 69 2e 67 65 74 45 78 74 65 72 6e 61 6c 50 6c 61 63 65 6d 65 6e 74 43 6f 64 65 28 6f 2c 74 29 29 29 7d 29 2c 72 29 3a 72 7d 2c 74 68 69 73 2e 67 65 74 45 78 74 65 72 6e 61 6c 50 6c 61 63 65 6d 65 6e 74 43 6f 64 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 65 2e 67 65 74 28 22 65 70 63 22 29 7c 7c 74 2e 67 65 74 28 22 63 72 69 64 22 29 7d 2c 74 68 69 73 2e 70 61 72 73 65 45 61 63 68 50 72 6f 76 69 64 65 72 52 65 73 70 6f 6e 73 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 6f 29 7b 76 61 72 20 73 3d 74 2e 67 65 74 50 72 6f 76 69 64 Data Ascii: (o){var s=o.get("sz");e.ZT(s)&&(r.sizes.push(o.get("sz")),r.epc.push(i.getExternalPlacementCode(o,t)))}),r):r},this.getExternalPlacementCode=function(e,t){return e.get("epc")\|\|t.get("crid")},this.parseEachProviderResponse=function(t,r,o){var s=t.getProvid
2021-12-02 23:42:35 UTC	609	IN	Data Raw: 73 2e 73 65 6f 3f 73 65 74 54 69 6d 65 6f 75 74 28 65 2e 48 28 64 2e 69 6e 69 74 2c 5b 5d 2c 64 29 2c 30 29 3a 64 2e 69 6e 69 74 28 29 7d 29 3b 7d 20 63 61 74 63 68 20 28 65 72 72 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 68 62 43 4d 42 69 64 78 63 2e 65 72 72 6f 72 20 3d 20 65 72 72 3b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 68 62 43 4d 42 69 64 78 63 2e 63 61 74 63 68 43 6f 6e 73 74 61 6e 74 73 20 3d 20 7b 22 6e 61 6d 65 22 3a 22 68 62 43 4d 42 69 64 65 78 63 68 61 6e 67 65 22 2c 22 74 79 70 65 22 3a 22 48 42 2d 43 4d 22 2c 22 73 76 72 22 3a 22 32 30 32 31 31 31 31 30 31 33 5f 31 37 30 22 2c 22 73 65 72 76 6e 61 6d 65 22 3a 22 68 62 63 6d 5f 6e 61 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 68 62 43 4d 42 69 64 65 78 63 68 61 6e 67 65 20 65 6e 63 6f 75 6e 74 Data Ascii: s.seo?setTimeout(e.H(d.init,[],d),0):d.init()});} catch (err) { window.hbCMBidxc.error = err; window.hbCMBidxc.catchConstants = {"name":"hbCMBidexchange","type":"HB-CM","svr":"2021111013_170","servname":"hbcm_na","message":"hbCMBidexchange encount
2021-12-02 23:42:35 UTC	649	IN	Data Raw: 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 2c 69 3b 21 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 65 2e 64 69 76 49 64 29 26 26 65 2e 73 6c 6f 74 49 64 26 26 28 28 74 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 69 66 72 61 6d 65 49 64 29 29 26 26 28 74 2e 77 69 64 74 68 3d 65 2e 77 69 64 74 68 2c 74 2e 68 65 69 67 68 74 3d 65 2e 68 65 69 67 68 74 29 2c 69 3d 67 65 74 53 69 7a 65 41 72 72 61 79 49 6e 49 6e 74 28 65 2e 73 69 7a 65 4c 69 73 74 2c 65 2e 77 69 64 74 68 2c 65 2e 68 65 69 67 68 74 29 2c 77 69 6e 64 6f 77 2e 6d 65 64 69 61 6e 65 74 5f 74 61 67 69 64 3d 65 2e 74 61 67 69 64 2c 77 69 6e 64 6f 77 2e 6d 65 64 69 61 6e 65 74 5f 64 66 70 56 Data Ascii: =function(e){var t,i;!document.getElementById(e.divId)&&e.slotId&&((t=window.parent.document.getElementById(iframeId))&&(t.width=e.width,t.height=e.height),i=getSizeArrayInInt(e.sizeList,e.width,e.height),window.medianet_tagid=e.tagid,window.medianet_dfpV
2021-12-02 23:42:35 UTC	681	IN	Data Raw: 61 6c 6c 3a 67 2c 67 65 74 52 61 6e 64 6f 6d 3a 77 2c 69 73 50 65 72 63 65 6e 74 41 70 70 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 77 28 31 2c 31 30 30 29 3c 3d 70 61 72 73 65 49 6e 74 28 65 2c 31 30 29 7d 2c 67 65 74 50 61 72 61 6d 56 61 6c 75 65 46 72 6f 6d 55 72 6c 41 73 41 72 72 61 79 3a 61 2e 75 72 75 2e 67 65 74 50 61 72 61 6d 56 61 6c 75 65 46 72 6f 6d 55 72 6c 41 73 41 72 72 61 79 2c 47 65 74 50 61 72 61 6d 56 61 6c 75 65 46 72 6f 6d 55 72 6c 3a 61 2e 75 72 75 2e 47 65 74 50 61 72 61 6d 56 61 6c 75 65 46 72 6f 6d 55 72 6c 2c 63 68 65 63 6b 55 72 6c 44 65 63 6f 64 69 6e 67 45 6e 63 6f 64 69 6e 67 3a 61 2e 75 72 75 2e 63 68 65 63 6b 55 72 6c 44 65 63 6f 64 69 6e 67 45 6e 63 6f 64 69 6e 67 2c 65 76 65 6e 74 4c 69 62 3a 61 2e 65 76 Data Ascii: all:g,getRandom:w,isPercentApp:function(e){return w(1,100)<=parseInt(e,10)},getParamValueFromUrlAsArray:a.uru.getParamValueFromUrlAsArray,GetParamValueFromUrl:a.uru.GetParamValueFromUrl,checkUrlDecodingEncoding:a.uru.checkUrlDecodingEncoding,eventLib:a.ev
2021-12-02 23:42:35 UTC	692	IN	Data Raw: 26 26 28 69 2b 3d 5b 22 26 22 2c 22 76 67 64 5f 22 2b 74 2c 22 3d 22 2c 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 63 5b 74 5d 29 5d 2e 6a 6f 69 6e 28 22 22 29 29 3b 72 65 74 75 72 6e 20 69 7d 28 29 2c 67 3d 6f 2e 5f 6d 4e 2e 5f 68 74 68 43 68 6b 55 52 4c 2b 72 3b 69 66 28 5f 6d 4e 2e 5f 74 72 75 6e 4c 6f 67 55 72 6c 26 26 28 67 3d 73 2e 74 72 75 6e 63 61 74 65 55 72 6c 28 67 2c 5f 6d 4e 2e 5f 74 72 75 6e 4c 6f 67 55 72 6c 29 29 2c 65 3d 69 2c 21 73 2e 63 68 65 63 6b 49 74 65 6d 45 78 69 73 74 73 28 6f 2e 5f 6d 4e 2e 5f 4c 31 50 67 45 78 2c 65 2e 67 65 74 45 6e 74 69 74 79 28 22 63 72 69 64 22 29 29 26 26 21 73 2e 63 68 65 63 6b 49 74 65 6d 45 78 69 73 74 73 28 6f 2e 5f 6d 4e 2e 5f 4c 31 50 67 45 78 2c 65 2e 67 65 74 45 6e 74 69 74 79 28 22 Data Ascii: &&(i+=["&","vgd_"+t,"=",encodeURIComponent(c[t])].join(""));return i}(),g=o._mN._hthChkURL+r;if(_mN._trunLogUrl&&(g=s.truncateUrl(g,_mN._trunLogUrl)),e=i,!s.checkItemExists(o._mN._L1PgEx,e.getEntity("crid"))&&!s.checkItemExists(o._mN._L1PgEx,e.getEntity("
2021-12-02 23:42:35 UTC	708	IN	Data Raw: 2e 67 65 74 49 74 65 6d 73 46 72 6f 6d 4d 61 63 72 6f 73 28 22 61 64 74 32 22 29 29 2c 4d 28 22 62 63 61 74 22 2c 43 28 5f 65 2e 5f 62 64 61 74 61 2c 22 62 63 61 74 22 29 29 2c 4d 28 22 77 65 62 5f 76 69 65 77 22 2c 7b 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 3b 69 66 28 45 65 2e 63 68 65 63 6b 49 74 65 6d 45 78 69 73 74 73 28 65 2c 22 77 76 29 22 29 7c 7c 45 65 2e 63 68 65 63 6b 49 74 65 6d 45 78 69 73 74 73 28 65 2c 22 41 6e 64 72 6f 69 64 20 34 2e 22 29 26 26 45 65 2e 63 68 65 63 6b 49 74 65 6d 45 78 69 73 74 73 28 65 2c 22 56 65 72 73 69 6f 6e 2f 22 29 29 72 65 74 75 72 6e 22 41 4e 44 52 4f 49 44 5f 57 45 42 56 49 45 57 22 3b 69 66 28 2f 69 50 68 6f 6e 65 7c 69 50 61 Data Ascii: .getItemsFromMacros("adt2")),M("bcat",C(_e._bdata,"bcat")),M("web_view",{value:function(){var e=navigator.userAgent;if(Ee.checkItemExists(e,"wv)")\|\|Ee.checkItemExists(e,"Android 4.")&&Ee.checkItemExists(e,"Version/"))return"ANDROID_WEBVIEW";if(/iPhone\|iPa
2021-12-02 23:42:36 UTC	716	IN	Data Raw: 68 65 63 6b 49 74 65 6d 45 78 69 73 74 73 49 6e 41 72 72 61 79 28 65 2c 22 72 65 6d 51 75 6f 74 65 22 29 26 26 28 74 3d 74 2e 72 65 70 6c 61 63 65 28 22 27 22 2c 22 22 29 29 2c 45 65 2e 63 68 65 63 6b 49 74 65 6d 45 78 69 73 74 73 49 6e 41 72 72 61 79 28 65 2c 22 72 65 6d 6f 76 65 41 6c 6c 22 29 26 26 28 74 3d 22 22 29 2c 74 29 29 2c 6b 65 28 46 28 22 63 72 65 66 22 29 29 26 26 72 65 28 22 63 72 65 66 22 2c 43 65 28 46 28 22 63 72 65 66 22 29 29 29 2c 6b 65 28 46 28 22 77 65 62 5f 76 69 65 77 22 29 29 26 26 72 65 28 22 77 65 62 5f 76 69 65 77 22 2c 46 28 22 77 65 62 5f 76 69 65 77 22 29 29 2c 22 54 42 35 35 4a 35 52 22 3d 3d 3d 5f 65 2e 5f 74 70 69 64 26 26 44 28 22 6b 77 72 66 22 2c 46 28 22 65 72 65 71 75 72 6c 22 29 2c 21 30 29 2c 21 6b 65 28 5f 65 2e Data Ascii: heckItemExistsInArray(e,"remQuote")&&(t=t.replace("'","")),Ee.checkItemExistsInArray(e,"removeAll")&&(t=""),t)),ke(F("cref"))&&re("cref",Ce(F("cref"))),ke(F("web_view"))&&re("web_view",F("web_view")),"TB55J5R"===_e._tpid&&D("kwrf",F("erequrl"),!0),!ke(_e.
2021-12-02 23:42:36 UTC	732	IN	Data Raw: 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 7d 3b 72 65 74 75 72 6e 20 65 5b 73 5d 3d 61 2e 69 73 41 70 70 6c 69 63 61 62 6c 65 28 29 3f 22 31 22 3a 22 30 22 2c 65 7d 2c 74 68 69 73 2e 67 65 74 4c 44 50 46 6c 61 67 46 6f 72 48 42 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 74 68 69 73 2e 67 65 74 4d 61 63 72 6f 73 46 6f 72 48 42 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 7d 3b 72 65 74 75 72 6e 20 65 2e 67 64 3d 61 2e 69 73 41 70 70 6c 69 63 61 62 6c 65 28 29 2c 65 7d 2c 74 68 69 73 2e 63 61 6c 6c 48 42 41 70 69 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 7d 2c 74 3d 66 2e 67 65 74 52 65 71 75 69 72 65 4d 6f 64 75 6c 65 28 22 61 64 61 70 74 65 72 2d 63 6f 6e 73 74 61 6e 74 73 22 29 3b 72 65 74 75 72 6e 20 66 2e 69 73 53 65 74 28 Data Ascii: tion(){var e={};return e[s]=a.isApplicable()?"1":"0",e},this.getLDPFlagForHB=function(){},this.getMacrosForHB=function(){var e={};return e.gd=a.isApplicable(),e},this.callHBApis=function(){var e={},t=f.getRequireModule("adapter-constants");return f.isSet(
2021-12-02 23:42:36 UTC	740	IN	Data Raw: 22 29 7d 2c 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6d 65 73 73 61 67 65 22 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 74 3d 7b 7d 3b 74 72 79 7b 74 3d 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 6e 2e 64 61 74 61 3f 4a 53 4f 4e 2e 70 61 72 73 65 28 6e 2e 64 61 74 61 29 3a 6e 2e 64 61 74 61 7d 63 61 74 63 68 28 6e 29 7b 7d 76 61 72 20 69 3d 74 2e 5f 5f 74 63 66 61 70 69 52 65 74 75 72 6e 3b 69 26 26 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 63 5b 69 2e 63 61 6c 6c 49 64 5d 26 26 63 5b 69 2e 63 61 6c 6c 49 64 5d 28 69 2e 72 65 74 75 72 6e 56 61 6c 75 65 2c 69 2e 73 75 63 63 65 73 73 29 7d 2c 21 31 29 7d 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 Data Ascii: ")},window.addEventListener("message",function(n){var t={};try{t="string"==typeof n.data?JSON.parse(n.data):n.data}catch(n){}var i=t.__tcfapiReturn;i&&"function"==typeof c[i.callId]&&c[i.callId](i.returnValue,i.success)},!1)}!function(){var n=function(){f
2021-12-02 23:42:36 UTC	756	IN	Data Raw: 2c 69 2e 64 61 74 61 2c 6f 2c 72 2e 67 65 74 56 69 73 69 74 49 64 28 29 29 7d 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 69 2e 73 68 6f 75 6c 64 4f 76 65 72 72 69 64 65 4c 6f 67 46 75 6e 63 74 69 6f 6e 3f 69 2e 73 68 6f 75 6c 64 4f 76 65 72 72 69 64 65 4c 6f 67 46 75 6e 63 74 69 6f 6e 3a 22 69 66 72 22 3d 3d 6e 3f 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 28 74 3d 67 28 74 3d 72 29 29 2e 76 67 64 5f 69 66 69 6d 70 3d 31 2c 74 3b 76 61 72 20 74 7d 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 67 28 72 29 7d 2c 63 2e 74 72 69 67 67 65 72 41 64 54 61 67 45 76 65 6e 74 28 72 2e 67 65 74 45 6e 74 69 74 79 28 22 76 69 22 29 2c 22 56 49 4d 50 3a 3a 69 6e 69 74 4f 62 73 65 72 76 65 72 22 2c 21 30 2c 7b 74 61 72 67 65 74 45 6c Data Ascii: ,i.data,o,r.getVisitId())}:"function"==typeof i.shouldOverrideLogFunction?i.shouldOverrideLogFunction:"ifr"==n?function(){return(t=g(t=r)).vgd_ifimp=1,t;var t}:function(){return g(r)},c.triggerAdTagEvent(r.getEntity("vi"),"VIMP::initObserver",!0,{targetEl
2021-12-02 23:42:36 UTC	764	IN	Data Raw: 2e 41 44 56 42 49 44 5f 4f 42 4a 45 43 54 5d 5b 61 2e 41 50 49 35 5f 47 45 54 5f 41 44 58 5f 50 52 45 44 49 43 54 49 4f 4e 5d 29 26 26 28 6e 3d 73 5b 61 2e 41 44 56 42 49 44 5f 4f 42 4a 45 43 54 5d 5b 61 2e 41 50 49 35 5f 47 45 54 5f 41 44 58 5f 50 52 45 44 49 43 54 49 4f 4e 5d 28 41 2e 67 65 74 48 42 43 72 65 61 74 69 76 65 49 64 28 74 29 2c 69 2c 65 2c 49 5b 74 5d 29 29 2c 65 3d 6e 2c 63 2e 69 73 53 65 74 28 65 29 26 26 63 2e 69 73 53 65 74 28 65 5b 75 2e 42 49 44 5d 29 26 26 63 2e 69 73 46 75 6e 63 74 69 6f 6e 28 65 5b 75 2e 52 45 50 4f 52 54 5f 57 49 4e 5f 4f 52 5f 4c 4f 53 53 5f 43 41 4c 4c 42 41 43 4b 5d 29 3f 28 5f 28 5b 22 47 6f 74 20 48 62 2d 41 64 78 20 42 69 64 20 50 72 65 64 69 63 74 69 6f 6e 20 73 75 63 63 65 73 73 66 75 6c 6c 79 20 77 69 74 Data Ascii: .ADVBID_OBJECT][a.API5_GET_ADX_PREDICTION])&&(n=s[a.ADVBID_OBJECT][a.API5_GET_ADX_PREDICTION](A.getHBCreativeId(t),i,e,I[t])),e=n,c.isSet(e)&&c.isSet(e[u.BID])&&c.isFunction(e[u.REPORT_WIN_OR_LOSS_CALLBACK])?(_(["Got Hb-Adx Bid Prediction successfully wit
2021-12-02 23:42:36 UTC	780	IN	Data Raw: 59 21 42 20 61 73 73 75 6d 65 64 20 77 69 6e 6e 65 72 20 66 6f 72 20 72 65 61 73 6f 6e 3a 20 22 2b 65 2b 22 20 61 6e 64 20 62 69 64 64 65 72 20 69 64 3a 20 22 2b 69 2c 6e 2e 63 72 69 64 29 2c 74 5b 6b 2e 50 52 4f 56 49 44 45 52 5f 49 44 5d 3d 69 2c 74 5b 6b 2e 53 49 5a 45 5d 3d 6f 5b 57 2e 52 54 42 5f 53 49 5a 45 5d 3b 69 3d 6f 2e 72 70 3b 72 65 74 75 72 6e 20 65 21 3d 5a 2e 45 4d 50 54 59 5f 42 49 44 26 26 65 21 3d 5a 2e 4e 4f 5f 42 49 44 7c 7c 28 69 3d 22 30 2e 30 30 22 29 2c 74 5b 6b 2e 42 49 44 5d 3d 69 2c 74 5b 6b 2e 47 4f 4f 47 4c 45 5f 42 49 44 5d 3d 69 2c 74 5b 6b 2e 4e 4f 42 49 44 5f 52 45 41 53 4f 4e 5d 3d 65 2c 74 7d 66 75 6e 63 74 69 6f 6e 20 76 28 74 29 7b 76 61 72 20 65 2c 69 2c 64 3b 72 65 74 75 72 6e 21 30 3d 3d 3d 74 5b 6b 2e 4e 4f 42 49 Data Ascii: Y!B assumed winner for reason: "+e+" and bidder id: "+i,n.crid),t[k.PROVIDER_ID]=i,t[k.SIZE]=o[W.RTB_SIZE];i=o.rp;return e!=Z.EMPTY_BID&&e!=Z.NO_BID\|\|(i="0.00"),t[k.BID]=i,t[k.GOOGLE_BID]=i,t[k.NOBID_REASON]=e,t}function v(t){var e,i,d;return!0===t[k.NOBI
2021-12-02 23:42:36 UTC	788	IN	Data Raw: 61 72 20 65 3d 22 22 2c 72 3d 74 2e 67 65 74 45 6e 74 69 74 79 28 22 72 65 71 75 72 6c 22 2c 21 30 29 2c 65 3d 63 2e 69 73 49 6e 49 46 72 61 6d 65 43 61 6c 6c 28 29 26 26 21 63 2e 69 73 50 61 72 65 6e 74 41 63 63 65 73 73 69 62 6c 65 28 29 3f 72 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 20 74 3d 63 2e 67 65 74 54 6f 70 6d 6f 73 74 41 63 63 65 73 73 69 62 6c 65 57 69 6e 64 6f 77 28 29 7c 7c 21 31 2c 65 3d 74 26 26 74 2e 70 65 72 66 6f 72 6d 61 6e 63 65 26 26 74 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 67 65 74 45 6e 74 72 69 65 73 28 29 2c 72 3d 65 26 26 65 2e 6c 65 6e 67 74 68 3f 65 5b 30 5d 2e 6e 61 6d 65 3a 76 6f 69 64 20 30 7d 63 61 74 63 68 28 74 29 7b 72 65 74 75 72 6e 22 22 7d 72 65 74 75 72 6e 20 63 2e 69 73 53 74 72 69 6e 67 53 65 74 Data Ascii: ar e="",r=t.getEntity("requrl",!0),e=c.isInIFrameCall()&&!c.isParentAccessible()?r:function(){try{var t=c.getTopmostAccessibleWindow()\|\|!1,e=t&&t.performance&&t.performance.getEntries(),r=e&&e.length?e[0].name:void 0}catch(t){return""}return c.isStringSet
2021-12-02 23:42:36 UTC	804	IN	Data Raw: 6e 74 69 74 79 28 22 6e 6d 6f 76 6c 22 29 7c 7c 74 2e 67 65 74 45 6e 74 69 74 79 28 22 69 6e 73 6c 22 29 29 7d 66 75 6e 63 74 69 6f 6e 20 6d 28 74 2c 72 2c 73 29 7b 76 61 72 20 6f 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 2c 69 2c 6e 3b 6f 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 65 3d 74 2c 69 3d 72 2c 6e 3d 73 2c 6c 2e 61 64 64 54 6f 44 65 6c 61 79 65 64 45 76 65 6e 74 51 75 65 75 65 28 22 63 61 6c 6c 73 65 74 74 69 6e 67 73 22 2c 6e 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3b 31 21 3d 3d 65 2e 67 65 74 45 6e 74 69 74 79 28 22 65 78 74 65 72 6e 61 6c 50 72 6f 76 53 68 6f 77 6e 22 29 26 26 28 79 28 65 29 3f 28 65 2e 61 64 64 45 6e 74 69 74 79 28 22 68 74 6d 6c 73 72 63 22 2c 22 31 22 29 2c 74 3d 75 28 65 2c 69 2c 21 30 29 2c 61 2e 72 Data Ascii: ntity("nmovl")\|\|t.getEntity("insl"))}function m(t,r,s){var o=function(){var e,i,n;o=function(){},e=t,i=r,n=s,l.addToDelayedEventQueue("callsettings",n,function(){var t;1!==e.getEntity("externalProvShown")&&(y(e)?(e.addEntity("htmlsrc","1"),t=u(e,i,!0),a.r

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.6	49804	23.211.6.95	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-02 23:42:59 UTC	861	OUT	GET /log?logid=awlog&pid=8PR68Q253&itype=HB-CM&dn=msn.com&cid=8HBI57XIG&svr=2021111013_170&servname=hbcm_na&gdpr=0&csex=0&suc=0&csstr=&tcf_cmp=&tcf_status=&tcf_prp=&usp_status=0&usp_enf=1&usp_string=&ufca=&usp_ldf=&ugd=4&adt=desktop&vid=00001638520987300014104136333773&vsid=&sd=1&gtd=400&inid=0&gfd=&cc=CH&sc=ZH&ct=ZURICH&abte=CONTROL&adbd=0&amp=0&version=1&sB=false&cors=true&disB=false&ice=&vw=284&vh=271&pht=271&cl=&__rk=0&app=0&rtype=&vendor=&isSafari=0&lbr=0&floc_id=&floc_ver=&id_details=&mnkv=&pabte=&pbcm=0&pvid=4&prvAccId=858412214&prvApiId=8CU157172&exid=31&pcId=&pseat=4-BID_API&mowxReqId=655139198087331261638520979902&crid=670468743&g=0&size=300x250&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=1&plcmtt=0&rtime=46&dtc=nydc&rtbsv2=&mp_seg<>=44412%23%2315390%23%2315718%23%2317218%23%2328447%23%2333721%23%2354934%23%2353492%23%2360148&apid=1&wsip=c10-mowx-prod-1&ltime=7221&abs=0&ae=0&ftr<>=&ssregion=&ssreqid=&sssvnm=&bdp=0.02&cbdp=0.02&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=unknown&dfpBd=0.02&nms=1&di=&dt=O&epc=858412214&ogbdp=0.02&s=1&snm=success&dbf=1&bdata=sd2%3Dnull~bb%3D186~vv%3D0~erpm%3D0.03~ogerpm%3D0.03~MFB%3D2jo~smm_bid%3D0.02~bm%3D1~smm_sd%3D2021120121~sid%3D858412214~sd%3D1~uid%3D2IaaJtXbXqos4SCzmA~dc2%3D1~btd%3D14241703836931763290446355943300556902506328540099388593272215750316032~scd%3Dzh~uim%3D464908~url_tkc%3D0~ss%3D1280x1024~uiw%3D100~ce%3D1~xgb_sd%3D2021101600~last%3D0~CI%3D2624~ip%3D1xrX0Z~fbb%3D0~riipua%3D0%2C0~xgb_nt%3D101~nts%3D1~tb%3D-1~et%3D27~ct%3Dzurich~rc%3D6%2C0~basis2%3D196~url_b%3D0.03~basis1%3D196~isRef%3D0~lc%3D0~url_tvi%3D0~smm_wr%3D2.2127~url_l%3D50~xgboost_b%3D0.92~bid%3D0.02~xgb_b%3D0.92~dc%3D8~gcat%3D500884~ogbid%3D0.02%7C%7Ccbdp%3D0.02%7C%7Cbflag%3D0%7C%7Csobp%3D0%7C%7Cddiv%3D%25%25DFP_DIV%25%25%7C%7Cdmm%3D%25%25DMS_STRATEGY%25%25%7C%7Cdtc%3Dnydc%7C%7Cabte%3DCONTROL%7C%7Chsw%3D%25%25HAS_SECOND_WINNER%25%25~ibc%3D1~ddt%3D-1~nsz%3D1~tgs%3D300x250~bsb%3D0~bsp%3D0~tmx%3D200&cmpid=&bId=&pcrid=8CU157172-858412214-48-14&ruct=0&brs=&brr=&iurl=https%3A%2F%2Fiurl-a.akamaihd.net%2Fybntag%3F%26cid%3D8CU157172%26crid%3D858412214%26size%3D300x250%26requrl%3Dhttps%253A%252F%252Fwww.msn.com%252Fde-ch%252F%253Focid%253Diehp&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Cclt%3D0%7Cfl_rl%3D1%7CssProfile%3D0%7Cdbr%3D1%7Ctkd%3Dnull&bfs=0&seat=BID_API&nbr=0&ba=31&ybnca_gbid=&ybnca_erpm=0.03&ybnca_vbid=&yogbdp=0.02&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=76112239762996859_53175729_670468743141&dStat=0&ogbid=0.02&acid=340954286069640181638520979899&act=headerBid&dtfdl=&dspltime=&ttfd=&ttm=0&vtm=0&sttm=0&svtm=0&mnrfc=0&mnrf=0&invw=-1&adj1=0&adj0=0&adj2=0&adj3=0&patkey=&patint<>=&pc=&spSource=0&spIvt=3&spId=&spFst=0&spIsReq=3&spTo=3&top=0&btm=0&lft=0&rght=0&mx_SD=&mx_PC=1&mx_SPRIG=1&mx_UCC=2&mx_lr_seg_cnt=0&mx_GCID=0&mx_IAB2=1&mx_ip_exp_verd=&mx_vsGap=&mx_epbc=8CU157172&mx_bsBucket=0&mx_ssProfile=0&mx_lr=0&mx_g_one_uid_sent=None&mx_uid_sent=0&mx_yhs_enabled=&mx_SC=0&mx_lr_seg_deal=0&mx_yhs_target_bidders=&mx_g_uid_cvrg=&mx_mrpp_key=&mx_divid=&mx_dfpadpath=&mx_g_uid_sent<>=&mx_BCN_BF=&mx_BCE=&mx_BCI=&mx_BCT=&mx_BCN_YHS=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=0&mx_supply_path=&mx_sbp=-10&mx_yhs_selected_deal=&mx_tgs=300x250&mx_TAS=&mx_asset_id=&mx_adnm=&mx_aurl_hc=0&mx_yhs_deal_sent=&mx_aqcpl_crid=0&mx_aabpc=0&mx_adid=&mx_nsz=1&mx_isLossNtf=false&mx_aurt=0&mx_gpid_sent=false&pgcatiab=IAB12&pgcatiab2=379&pgcatsprig=16&gFunDl=false&ngFunDl=false&rDl=false&actltime=7396&auMxTm=&brf=0&dcs=&dfpDiv=&dfpPos=&dfpAdPath=&lper=1&td=r%3Dstr%7Cab%3D0%7C&oyaf=0&sbdrid=328&ra_sz=300x250&tk=&sc_pvid=&sc_ogbdp=0&sc_adj1=0&sc_adj0=0&sc_adj2=0&sc_prspt=&sc_act=&sc_bdata=&sc_bdp=0&sc_cbdp=0&sc_bId=&sc_cat=&sc_cmpid=&sc_advId=&sc_advNm=&sc_advUrl=&udc=&rti=-1&rme=ADPTR&bbdrid=&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&kwrf=&epurl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: hblg.media.net Connection: Keep-Alive
2021-12-02 23:42:59 UTC	866	IN	HTTP/1.1 200 OK Content-Type: image/gif Access-Control-Allow-Origin: * Content-Length: 35 Server: Jetty(9.4.35.v20201120) Expires: Thu, 02 Dec 2021 23:42:59 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Thu, 02 Dec 2021 23:42:59 GMT Connection: close
2021-12-02 23:42:59 UTC	866	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 f0 00 00 00 00 00 ff ff ff 2c 00 00 00 00 01 00 01 00 40 02 02 4c 01 00 3b Data Ascii: GIF89a,@L;

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.6	49803	23.211.6.95	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-02 23:43:06 UTC	866	OUT	GET /log?logid=awlog&pid=8PR68Q253&itype=HB-CM&dn=msn.com&cid=8HBI57XIG&svr=2021111013_170&servname=hbcm_na&gdpr=0&csex=0&suc=0&csstr=&tcf_cmp=&tcf_status=&tcf_prp=&usp_status=0&usp_enf=1&usp_string=&ufca=&usp_ldf=&ugd=4&adt=desktop&vid=00001638520995419014104136339406&vsid=&sd=2&gtd=400&inid=0&gfd=&cc=CH&sc=ZH&ct=ZURICH&abte=CONTROL&adbd=0&amp=0&version=1&sB=false&cors=true&disB=false&ice=&vw=284&vh=271&pht=271&cl=&__rk=0&app=0&rtype=&vendor=&isSafari=0&lbr=0&floc_id=&floc_ver=&id_details=&mnkv=&pabte=&pbcm=0&pvid=4&prvAccId=722878611&prvApiId=8CU157172&exid=31&pcId=&pseat=4-BID_API&mowxReqId=695089110086948631638520986847&crid=976531914&g=0&size=300x250&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=1&plcmtt=0&rtime=48&dtc=nydc&rtbsv2=&mp_seg<>=44412%23%2315390%23%2315718%23%2317218%23%2328447%23%2333721%23%2354934%23%2353492%23%2360148&apid=1&wsip=c10-mowx-web-43&ltime=8567&abs=0&ae=0&ftr<>=&ssregion=&ssreqid=&sssvnm=&bdp=0.02&cbdp=0.02&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=unknown&dfpBd=0.02&nms=1&di=&dt=O&epc=722878611&ogbdp=0.02&s=1&snm=success&dbf=1&bdata=sd2%3Dnull~bb%3D186~vv%3D0~erpm%3D0.04~ogerpm%3D0.04~MFB%3D10K~smm_bid%3D0.02~bm%3D0.9~smm_sd%3D2021120121~sid%3D722878611~sd%3D2~uid%3D2IaaKnuVnvziDdNYpZ~dc2%3D1~btd%3D14241703849787268410763125577306022343800731350682634986482226645438464~scd%3Dzh~uim%3D466966~url_tkc%3D0~ss%3D1280x1024~uiw%3D100~ce%3D1~xgb_sd%3D2021101600~last%3D0~CI%3D2624~ip%3D1xrX0Z~fbb%3D0~riipua%3D0%2C0~xgb_nt%3D101~nts%3D1~tb%3D-1~et%3D28~ct%3Dzurich~rc%3D8%2C1~basis2%3D196~url_b%3D0.04~basis1%3D196~isRef%3D0~lc%3D0~url_tvi%3D0~smm_wr%3D2.0898~url_l%3D50~xgboost_b%3D0.92~bid%3D0.02~xgb_b%3D0.92~dc%3D8~gcat%3D500884~ogbid%3D0.02%7C%7Ccbdp%3D0.02%7C%7Cbflag%3D0%7C%7Csobp%3D0%7C%7Cddiv%3D%25%25DFP_DIV%25%25%7C%7Cdmm%3D%25%25DMS_STRATEGY%25%25%7C%7Cdtc%3Dnydc%7C%7Cabte%3DCONTROL%7C%7Chsw%3D%25%25HAS_SECOND_WINNER%25%25~ibc%3D1~ddt%3D-1~nsz%3D1~tgs%3D300x250~bsb%3D0~bsp%3D0~tmx%3D200&cmpid=&bId=&pcrid=8CU157172-722878611-48-8&ruct=0&brs=&brr=&iurl=https%3A%2F%2Fiurl-a.akamaihd.net%2Fybntag%3F%26cid%3D8CU157172%26crid%3D722878611%26size%3D300x250%26requrl%3Dhttps%253A%252F%252Fwww.msn.com%252Fde-ch%252F%253Focid%253Diehp&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Cclt%3D0%7Cfl_rl%3D1%7CssProfile%3D0%7Cdbr%3D1%7Ctkd%3Dnull&bfs=0&seat=BID_API&nbr=0&ba=0&ybnca_gbid=&ybnca_erpm=0.04&ybnca_vbid=&yogbdp=0.02&yErpmFlag=0&smsrc=1&strg=&ybnca_bbid=&prvReqId=5651415265142258_1006712733_976531914141&dStat=0&ogbid=0.02&acid=154704099775382721638520986219&act=headerBid&dtfdl=&dspltime=&ttfd=&ttm=0&vtm=0&sttm=0&svtm=0&mnrfc=0&mnrf=0&invw=-1&adj1=0&adj0=0&adj2=0&adj3=0&patkey=&patint<>=&pc=&spSource=0&spIvt=3&spId=&spFst=0&spIsReq=3&spTo=3&top=0&btm=0&lft=0&rght=0&mx_SD=&mx_PC=1&mx_SPRIG=1&mx_UCC=2&mx_lr_seg_cnt=0&mx_GCID=0&mx_IAB2=1&mx_ip_exp_verd=&mx_vsGap=&mx_epbc=8CU157172&mx_bsBucket=0&mx_ssProfile=0&mx_lr=0&mx_g_one_uid_sent=None&mx_uid_sent=0&mx_yhs_enabled=&mx_SC=0&mx_lr_seg_deal=0&mx_yhs_target_bidders=&mx_g_uid_cvrg=&mx_mrpp_key=&mx_divid=&mx_dfpadpath=&mx_g_uid_sent<>=&mx_BCN_BF=&mx_BCE=&mx_BCI=&mx_BCT=&mx_BCN_YHS=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=0&mx_supply_path=&mx_sbp=-10&mx_yhs_selected_deal=&mx_tgs=300x250&mx_TAS=&mx_asset_id=&mx_adnm=&mx_aurl_hc=0&mx_yhs_deal_sent=&mx_aqcpl_crid=0&mx_aabpc=0&mx_adid=&mx_nsz=1&mx_isLossNtf=false&mx_aurt=0&mx_gpid_sent=false&pgcatiab=IAB12&pgcatiab2=379&pgcatsprig=16&gFunDl=false&ngFunDl=false&rDl=false&actltime=9200&auMxTm=&brf=0&dcs=&dfpDiv=&dfpPos=&dfpAdPath=&lper=1&td=r%3Dstr%7Cab%3D0%7C&oyaf=0&sbdrid=328&ra_sz=300x250&tk=&sc_pvid=&sc_ogbdp=0&sc_adj1=0&sc_adj0=0&sc_adj2=0&sc_prspt=&sc_act=&sc_bdata=&sc_bdp=0&sc_cbdp=0&sc_bId=&sc_cat=&sc_cmpid=&sc_advId=&sc_advNm=&sc_advUrl=&udc=&rti=-1&rme=ADPTR&bbdrid=&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&kwrf=&epurl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: hblg.media.net Connection: Keep-Alive
2021-12-02 23:43:06 UTC	870	IN	HTTP/1.1 200 OK Content-Type: image/gif Access-Control-Allow-Origin: * Content-Length: 35 Server: Jetty(9.4.35.v20201120) Expires: Thu, 02 Dec 2021 23:43:06 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Thu, 02 Dec 2021 23:43:06 GMT Connection: close
2021-12-02 23:43:06 UTC	870	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 f0 00 00 00 00 00 ff ff ff 2c 00 00 00 00 01 00 01 00 40 02 02 4c 01 00 3b Data Ascii: GIF89a,@L;

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.6	49806	23.211.6.95	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-02 23:43:07 UTC	870	OUT	GET /803288796/fcmain.js?cb=window._mNDetails.initAd&&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3D%3D&crid=722878611&size=306x271&cc=CH&https=1&vif=2&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&nse=5&vi=1638488555296348136&ugd=4&rtbs=1&nb=1 HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: contextual.media.net Connection: Keep-Alive Cookie: hbcm_sd=4%7C1638520979780
2021-12-02 23:43:07 UTC	871	IN	HTTP/1.1 200 OK Server: Apache Content-Length: 39142 Content-Type: text/javascript X-MNT-HL2: 8-18 X-MNT-W: 10-7 Strict-Transport-Security: max-age=604800 Expires: Thu, 02 Dec 2021 23:43:07 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Thu, 02 Dec 2021 23:43:07 GMT Connection: close
2021-12-02 23:43:07 UTC	871	IN	Data Raw: 20 20 20 20 Data Ascii:
2021-12-02 23:43:07 UTC	871	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3b 77 69 6e 64 6f 77 2e 5f 6d 4e 44 65 74 61 69 6c 73 2e 69 6e 69 74 41 64 28 7b 22 76 69 22 3a 22 31 36 33 38 34 38 38 35 35 35 32 39 36 33 34 38 31 33 36 22 2c 22 73 22 3a 7b 22 5f 6d 4e 4c 32 22 3a 7b 22 73 69 7a 65 22 3a 22 33 30 36 78 32 37 31 22 2c 22 76 69 43 6f 6d 70 22 3a 22 31 36 33 38 34 38 37 31 33 37 38 39 35 38 30 35 39 32 37 22 2c 22 68 69 64 65 41 64 55 6e 69 74 41 42 50 22 3a 74 72 75 65 2c 22 61 62 70 6c 22 3a 22 33 22 2c 22 63 75 73 74 48 74 22 3a 22 22 2c 22 73 65 74 4c 33 31 30 30 22 3a 22 31 22 7d 2c 22 6c 68 70 22 3a 7b 22 6c 32 77 73 69 70 22 3a 22 32 38 38 37 33 30 35 32 33 33 22 2c 22 6c 32 61 63 22 3a 22 22 2c 22 73 65 74 68 63 73 64 22 3a 22 73 65 74 21 41 31 38 7c 38 30 31 33 22 7d 2c Data Ascii: ;window._mNDetails.initAd({"vi":"1638488555296348136","s":{"_mNL2":{"size":"306x271","viComp":"1638487137895805927","hideAdUnitABP":true,"abpl":"3","custHt":"","setL3100":"1"},"lhp":{"l2wsip":"2887305233","l2ac":"","sethcsd":"set!A18\|8013"},
2021-12-02 23:43:07 UTC	887	IN	Data Raw: 37 74 36 39 74 35 36 74 37 34 74 36 66 74 34 38 74 36 39 74 33 31 74 37 30 74 37 35 74 37 30 74 35 39 74 37 39 74 36 33 74 37 35 74 34 63 74 35 34 74 37 30 74 32 64 74 36 35 74 35 38 74 37 33 74 36 38 74 37 36 74 37 35 74 36 31 74 36 33 74 32 64 74 36 66 74 35 38 74 33 39 74 36 62 74 36 37 74 36 37 74 32 35 74 33 33 74 34 34 74 32 35 74 33 33 74 34 34 74 32 35 74 33 37 74 34 33 74 34 65 74 33 37 74 36 36 74 37 35 74 33 32 74 37 36 74 34 62 74 37 34 74 33 38 74 35 66 74 37 33 74 32 35 74 33 33 74 34 34 74 32 35 74 33 37 74 34 33 74 36 36 74 33 35 74 36 32 74 36 36 74 33 31 74 37 35 74 33 37 74 36 36 74 34 63 74 36 61 74 36 65 74 36 64 74 33 33 74 33 37 74 36 63 74 36 31 74 33 34 74 34 66 74 37 31 74 34 35 74 33 34 74 33 37 74 35 32 74 37 34 74 34 33 74 36 Data Ascii: 7t69t56t74t6ft48t69t31t70t75t70t59t79t63t75t4ct54t70t2dt65t58t73t68t76t75t61t63t2dt6ft58t39t6bt67t67t25t33t44t25t33t44t25t37t43t4et37t66t75t32t76t4bt74t38t5ft73t25t33t44t25t37t43t66t35t62t66t31t75t37t66t4ct6at6et6dt33t37t6ct61t34t4ft71t45t34t37t52t74t43t6
2021-12-02 23:43:07 UTC	895	IN	Data Raw: 36 62 74 36 63 74 36 35 74 36 39 74 36 34 74 36 35 74 37 32 7a 74 36 39 74 36 65 7a 74 36 37 74 37 32 74 36 66 74 35 63 74 37 35 74 33 30 74 33 30 74 36 34 74 36 36 74 36 35 74 36 65 7a 74 34 37 74 37 32 74 35 63 74 37 35 74 33 30 74 33 30 74 36 36 74 33 36 74 35 63 74 37 35 74 33 30 74 33 30 74 36 34 74 36 36 74 36 35 74 36 65 77 78 77 74 36 62 74 36 33 77 79 77 74 32 64 74 32 64 74 36 65 74 35 63 74 32 66 74 36 31 74 32 64 74 32 64 77 78 77 74 36 62 74 36 33 74 36 39 74 36 34 77 79 74 32 64 74 33 31 74 37 64 74 35 64 74 37 64 78 74 37 62 77 74 36 33 77 79 74 33 31 78 77 74 36 62 77 79 74 35 62 74 37 62 77 74 36 39 77 79 74 33 33 74 33 32 74 33 39 74 33 34 74 33 39 74 33 36 74 33 35 74 33 31 74 33 31 78 77 74 37 34 77 79 77 74 34 34 74 36 39 74 36 35 7a Data Ascii: 6bt6ct65t69t64t65t72zt69t6ezt67t72t6ft5ct75t30t30t64t66t65t6ezt47t72t5ct75t30t30t66t36t5ct75t30t30t64t66t65t6ewxwt6bt63wywt2dt2dt6et5ct2ft61t2dt2dwxwt6bt63t69t64wyt2dt31t7dt5dt7dxt7bwt63wyt31xwt6bwyt5bt7bwt69wyt33t32t39t34t39t36t35t31t31xwt74wywt44t69t65z

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.6	49808	23.211.6.95	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-02 23:43:07 UTC	910	OUT	GET /bqi.php?lf=5&&vgd_l2type=setting&pid=8PO8WH2OT&cme=wKMzE5aEf1C7W8c2Zu-wR6W8-LV6OuNn5M8-l7xIv5OFVIrj5gO7h1h0qwkXsk1YkKHiWm6OwnS8YdF7hxOqVy4gI-Di5bXqA_L7Nj1Gg-bLo1QZupPE9_lkGVq8LafeqNrLclh8bDzLkZpLway17PoLJDHoGdSHRiqjLFunN_rSbZHJFAjGFIv7F87z8XmJ-E7BhMXbxjXouwQLvaGa-ShCB3oRwwh8\|\|NDHRnZ9Gz3KXlI-i9OnZqQ==\|5gDUJdTGiJzedmq9hanWYg==\|sRBSg3CPSiQ=\|YdjFvixrVaHKWoanJxQ7pN1u-FbdnHzrNjhpugAcObH3UBK3ulwAWl7Dk2fLSIhhcacW0wejpmUUSEEp7HvKRQ==\|N7fu2vKt8_s=\|2Vo1csK06ElQVm9wtd7kmyhUd8oCSycUmnOt-CKThRGW5B7OtbhnTLfgAjgMfKS9GxuAl0hmLh7h59eRacx_zlI1mhj_yGBtc0wpPjW7ZYHmZRI-Qs46jvsASGwtenQv5_6kd41JpbzUVoJx6JhY_2c-CqKREqoxgJ7iifrLoawE2O9aRy41se9ZHO7dRZ1TuzVy17bY00rUzIYODMSLh1Pcyr8slxcI\|&gdpr=0&prid=8PRVV7640&cid=8CU157172&crid=858412214&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&vi=1638488555656014322&ugd=4&cc=CH&sc=ZH&bdrid=4&startTime=1638520979055&l2type=setting&vgd_l1rakh=1638488555181756319&l1ch=1&sttm=1638520979548&upk=1638520976.1854&hvsid=00001638520979548014104136331645&verid=9999999&vgd_sc=ZH&infr=1&twna=1&vgd_hbReqId=T1638483495C8S22U926&l1hcsd=l1!N4\|8028&vgd_l1rhst=contextual.media.net&vgd_gdprcs=1&vgd_uspa=0&vgd_isiolc=0&clp=%7B%7D&cl=%7B%7D&rtbsd=10&bidData=sd2%3Dnull~bb%3D186~vv%3D0~erpm%3D0.03~ogerpm%3D0.03~MFB%3D2jo~smm_bid%3D0.02~bm%3D1~smm_sd%3D2021120121~sid%3D858412214~sd%3D1~uid%3D2IaaJtXbXqos4SCzmA~dc2%3D1~btd%3D14241703836931763290446355943300556902506328540099388593272215750316032~scd%3Dzh~uim%3D464908~url_tkc%3D0~ss%3D1280x1024~uiw%3D100~ce%3D1~xgb_sd%3D2021101600~last%3D0~CI%3D2624~ip%3D1xrX0Z~fbb%3D0~riipua%3D0%2C0~xgb_nt%3D101~nts%3D1~tb%3D-1~et%3D27~ct%3Dzurich~rc%3D6%2C0~basis2%3D196~url_b%3D0.03~basis1%3D196~isRef%3D0~lc%3D0~url_tvi%3D0~smm_wr%3D2.2127~url_l%3D50~xgboost_b%3D0.92~bid%3D0.02~xgb_b%3D0.92~dc%3D8~gcat%3D500884~ogbid%3D0.02%7C%7Ccbdp%3D0.02%7C%7Cbflag%3D0%7C%7Csobp%3D0%7C%7Cddiv%3D%25%25DFP_DIV%25%25%7C%7Cdmm%3D%25%25DMS_STRATEGY%25%25%7C%7Cdtc%3Dnydc%7C%7Cabte%3DCONTROL%7C%7Chsw%3D%25%25HAS_SECOND_WINNER%25%25~ibc%3D1~ddt%3D-1~nsz%3D1~tgs%3D300x250~bsb%3D0~bsp%3D0~tmx%3D200&matchString=hr%3D0&l2ch=1&l2wsip=170721631&sethcsd=set!A18%7C8013&vgd_pgid=p11306311666t202112030842&vgd_pgids=1 HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: lg3.media.net Connection: Keep-Alive
2021-12-02 23:43:07 UTC	912	IN	HTTP/1.1 200 OK Server: Apache Content-Length: 15 Content-Type: text/javascript;charset=UTF-8 ntCoent-Length: 15 Strict-Transport-Security: max-age=21600 Expires: Thu, 02 Dec 2021 23:43:07 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Thu, 02 Dec 2021 23:43:07 GMT Connection: close
2021-12-02 23:43:07 UTC	913	IN	Data Raw: 76 61 72 20 6c 6f 67 67 65 64 20 3d 20 31 3b Data Ascii: var logged = 1;

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.6	49809	23.211.6.95	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-02 23:43:07 UTC	912	OUT	GET /48/nrrV52461.js HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: contextual.media.net Connection: Keep-Alive Cookie: hbcm_sd=4%7C1638520979780
2021-12-02 23:43:07 UTC	913	IN	HTTP/1.1 200 OK Server: Apache Content-Length: 91348 Content-Type: text/javascript; charset=utf-8 Pragma: max-age=2592000 ETag: "f3dcc1592ff35c4ac7631edb38265c3f" Strict-Transport-Security: max-age=604800 X-MNET-H: 8-12 Cache-Control: max-age=1209600 Expires: Thu, 16 Dec 2021 23:43:07 GMT Date: Thu, 02 Dec 2021 23:43:07 GMT Connection: close
2021-12-02 23:43:07 UTC	913	IN	Data Raw: 76 61 72 20 5f 6d 4e 52 65 71 75 69 72 65 2c 5f 6d 4e 44 65 66 69 6e 65 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 63 3d 7b 7d 2c 75 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 61 28 65 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 65 7d 5f 6d 4e 52 65 71 75 69 72 65 3d 66 75 6e 63 74 69 6f 6e 20 65 28 74 2c 72 29 7b 76 61 72 20 6e 2c 69 2c 6f 3d 5b 5d 3b 66 6f 72 28 69 20 69 6e 20 74 29 74 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 69 29 26 26 28 22 6f 62 6a 65 63 74 22 21 3d 74 79 70 65 6f 66 28 6e 3d 74 5b 69 5d 29 26 26 76 6f 69 64 20 30 21 3d 3d 6e 3f 28 76 6f 69 64 20 30 21 3d 3d 63 5b 6e 5d 7c 7c 28 63 5b 6e 5d 3d 65 28 75 5b 6e 5d 2e 64 65 70 73 2c 75 5b 6e 5d 2e 63 Data Ascii: var _mNRequire,_mNDefine;!function(){"use strict";var c={},u={};function a(e){return"function"==typeof e}_mNRequire=function e(t,r){var n,i,o=[];for(i in t)t.hasOwnProperty(i)&&("object"!=typeof(n=t[i])&&void 0!==n?(void 0!==c[n]\|\|(c[n]=e(u[n].deps,u[n].c
2021-12-02 23:43:07 UTC	916	IN	Data Raw: 3a 74 5b 6e 5d 29 29 29 3b 72 65 74 75 72 6e 20 6f 7d 66 75 6e 63 74 69 6f 6e 20 6e 28 74 2c 65 29 7b 73 28 74 29 26 26 28 65 3d 75 28 65 29 3f 65 3a 22 22 2c 72 5b 74 5d 3d 65 29 7d 66 75 6e 63 74 69 6f 6e 20 69 28 74 29 7b 72 65 74 75 72 6e 22 5b 6f 62 6a 65 63 74 20 41 72 72 61 79 5d 22 3d 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 2e 63 61 6c 6c 28 74 29 7d 66 75 6e 63 74 69 6f 6e 20 63 28 74 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 74 7d 66 75 6e 63 74 69 6f 6e 20 73 28 74 29 7b 72 65 74 75 72 6e 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 22 22 21 3d 3d 74 7d 66 75 6e 63 74 69 6f 6e 20 75 28 74 29 7b 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 74 29 7b 63 61 Data Ascii: :t[n])));return o}function n(t,e){s(t)&&(e=u(e)?e:"",r[t]=e)}function i(t){return"[object Array]"===Object.prototype.toString.call(t)}function c(t){return"function"==typeof t}function s(t){return"string"==typeof t&&""!==t}function u(t){switch(typeof t){ca
2021-12-02 23:43:07 UTC	932	IN	Data Raw: 26 26 6f 2e 69 73 53 65 74 28 65 2e 68 6f 73 74 6e 61 6d 65 29 3f 65 2e 70 72 6f 74 6f 63 6f 6c 2b 22 2f 2f 22 2b 65 2e 68 6f 73 74 6e 61 6d 65 3a 6f 2e 69 73 53 65 74 28 65 2e 68 72 65 66 29 3f 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 69 66 28 2d 31 3c 65 2e 69 6e 64 65 78 4f 66 28 22 2f 2f 22 29 29 72 65 74 75 72 6e 20 65 3d 28 74 3d 65 2e 73 70 6c 69 74 28 22 2f 22 29 29 5b 30 5d 2b 22 2f 2f 22 2b 74 5b 32 5d 7d 28 65 2e 68 72 65 66 29 3a 76 6f 69 64 20 30 7d 2c 73 65 74 54 61 72 67 65 74 4f 66 45 6c 65 6d 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 65 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 61 72 67 65 74 22 2c 74 29 7d 2c 67 65 74 54 61 72 67 65 74 4f 66 45 6c 65 6d 65 6e 74 46 6f 72 4c 6f 67 67 69 6e 67 3a 66 75 6e 63 Data Ascii: &&o.isSet(e.hostname)?e.protocol+"//"+e.hostname:o.isSet(e.href)?function(e){var t;if(-1<e.indexOf("//"))return e=(t=e.split("/"))[0]+"//"+t[2]}(e.href):void 0},setTargetOfElement:function(e,t){e.setAttribute("target",t)},getTargetOfElementForLogging:func
2021-12-02 23:43:07 UTC	940	IN	Data Raw: 75 6e 63 74 69 6f 6e 20 67 28 74 2c 65 2c 69 29 7b 69 66 28 21 74 2e 69 70 61 74 68 29 72 65 74 75 72 6e 2d 31 3d 3d 65 2e 73 72 63 2e 69 6e 64 65 78 4f 66 28 22 34 30 34 5f 31 58 31 22 29 26 26 28 69 2e 73 74 79 6c 65 2e 76 69 73 69 62 69 6c 69 74 79 3d 22 76 69 73 69 62 6c 65 22 29 2c 7a 65 28 22 6e 6c 22 2c 74 29 2c 63 28 65 29 2c 30 3b 76 61 72 20 72 2c 61 2c 6e 2c 6f 3d 6e 65 77 20 49 6d 61 67 65 2c 64 3d 28 64 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 74 72 79 7b 72 65 74 75 72 6e 7b 77 69 64 74 68 3a 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 77 69 64 74 68 22 29 7c 7c 65 2e 77 69 64 74 68 7c 7c 70 61 72 73 65 49 6e 74 28 74 2e 6d 61 74 63 68 28 2f 77 69 64 74 68 3d 28 5b 22 27 30 2d 39 5d 2b 29 2f 29 5b 31 5d 2e 72 65 70 6c 61 63 65 28 2f Data Ascii: unction g(t,e,i){if(!t.ipath)return-1==e.src.indexOf("404_1X1")&&(i.style.visibility="visible"),ze("nl",t),c(e),0;var r,a,n,o=new Image,d=(d=function(e,t){try{return{width:e.getAttribute("width")\|\|e.width\|\|parseInt(t.match(/width=(["'0-9]+)/)[1].replace(/
2021-12-02 23:43:07 UTC	956	IN	Data Raw: 65 6c 69 6e 65 28 74 2c 6d 65 74 61 50 61 72 61 6d 55 74 69 6c 2e 6c 67 50 70 5b 74 5d 29 7d 28 29 2c 53 2e 61 64 64 50 61 69 72 54 6f 50 69 70 65 6c 69 6e 65 28 63 6f 6d 6d 6f 6e 43 6f 6e 73 74 61 6e 74 73 2e 4c 4f 47 5f 50 49 50 45 4c 49 4e 45 2e 4f 50 54 5f 4f 55 54 2c 55 69 28 29 3f 31 3a 30 29 2c 52 26 26 28 74 28 5b 22 64 6d 61 22 2c 63 6f 6d 6d 6f 6e 43 6f 6e 73 74 61 6e 74 73 2e 4c 4f 47 5f 50 49 50 45 4c 49 4e 45 2e 4d 41 43 52 4f 5f 56 49 53 49 54 4f 52 5f 49 44 2c 63 6f 6d 6d 6f 6e 43 6f 6e 73 74 61 6e 74 73 2e 4c 4f 47 5f 50 49 50 45 4c 49 4e 45 2e 4c 32 5f 54 59 50 45 2c 22 6c 32 63 68 22 2c 22 72 65 73 64 6e 22 5d 2c 21 31 29 2c 74 28 5b 22 63 64 6e 68 22 2c 22 6c 31 65 73 69 64 22 5d 2c 21 30 29 29 2c 65 3d 63 6f 6d 6d 6f 6e 43 6f 6e 73 74 Data Ascii: eline(t,metaParamUtil.lgPp[t])}(),S.addPairToPipeline(commonConstants.LOG_PIPELINE.OPT_OUT,Ui()?1:0),R&&(t(["dma",commonConstants.LOG_PIPELINE.MACRO_VISITOR_ID,commonConstants.LOG_PIPELINE.L2_TYPE,"l2ch","resdn"],!1),t(["cdnh","l1esid"],!0)),e=commonConst
2021-12-02 23:43:07 UTC	964	IN	Data Raw: 6d 55 74 69 6c 2e 6d 69 73 63 2e 66 72 42 64 72 49 64 2b 74 7d 72 65 74 75 72 6e 20 55 74 28 29 7d 28 29 2b 22 26 22 2b 6a 74 2b 22 26 72 63 3d 22 2b 72 3b 72 3d 50 28 29 3b 75 74 69 6c 2e 69 73 53 65 74 28 72 29 26 26 28 61 2b 3d 22 26 6b 73 75 3d 22 2b 72 29 3b 72 3d 22 22 3b 69 66 28 75 74 69 6c 2e 69 73 53 74 72 69 6e 67 53 65 74 28 72 3d 50 65 28 22 61 69 64 22 29 29 3f 61 2b 3d 22 26 76 67 64 5f 6f 70 70 5f 69 64 3d 22 2b 72 3a 75 74 69 6c 2e 69 73 53 74 72 69 6e 67 53 65 74 28 72 3d 44 2e 61 63 69 64 29 26 26 28 61 2b 3d 22 26 61 63 69 64 3d 22 2b 72 29 2c 75 74 69 6c 2e 69 73 53 74 72 69 6e 67 53 65 74 28 48 65 28 29 29 26 26 75 74 69 6c 2e 61 64 64 56 67 44 61 74 61 28 22 6c 33 5f 73 63 22 2c 48 65 28 29 29 2c 22 22 21 3d 78 65 28 29 26 26 28 61 Data Ascii: mUtil.misc.frBdrId+t}return Ut()}()+"&"+jt+"&rc="+r;r=P();util.isSet(r)&&(a+="&ksu="+r);r="";if(util.isStringSet(r=Pe("aid"))?a+="&vgd_opp_id="+r:util.isStringSet(r=D.acid)&&(a+="&acid="+r),util.isStringSet(He())&&util.addVgData("l3_sc",He()),""!=xe()&&(a
2021-12-02 23:43:07 UTC	980	IN	Data Raw: 2c 22 74 6f 70 3d 30 22 2c 22 73 63 72 6f 6c 6c 62 61 72 73 3d 79 65 73 22 2c 22 74 6f 6f 6c 62 61 72 3d 79 65 73 22 2c 22 6c 6f 63 61 74 69 6f 6e 3d 79 65 73 22 2c 22 70 65 72 73 6f 6e 61 6c 62 61 72 3d 79 65 73 22 2c 22 73 74 61 74 75 73 3d 79 65 73 22 2c 22 72 65 73 69 7a 61 62 6c 65 3d 79 65 73 22 2c 22 74 69 74 6c 65 62 61 72 3d 79 65 73 22 5d 2c 69 3d 22 41 64 43 6c 69 63 6b 22 2b 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 2c 72 3d 77 69 6e 64 6f 77 2e 6f 70 65 6e 28 74 68 69 73 2e 68 72 65 66 2c 69 2c 65 2e 6a 6f 69 6e 28 22 2c 22 29 29 3b 69 66 28 6e 75 6c 6c 21 3d 3d 72 29 7b 74 72 79 7b 72 2e 6d 6f 76 65 54 6f 26 26 72 2e 6d 6f 76 65 54 6f 28 30 2c 30 29 7d 63 61 74 63 68 28 74 29 7b 7d 69 66 28 21 28 74 3d 74 7c 7c 77 69 6e 64 Data Ascii: ,"top=0","scrollbars=yes","toolbar=yes","location=yes","personalbar=yes","status=yes","resizable=yes","titlebar=yes"],i="AdClick"+(new Date).getTime(),r=window.open(this.href,i,e.join(","));if(null!==r){try{r.moveTo&&r.moveTo(0,0)}catch(t){}if(!(t=t\|\|wind
2021-12-02 23:43:07 UTC	988	IN	Data Raw: 31 2c 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 2e 70 61 72 65 6e 74 2e 70 6f 73 74 4d 65 73 73 61 67 65 28 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 61 29 2c 22 2a 22 29 3b 65 6c 73 65 20 69 66 28 75 74 69 6c 2e 69 73 4c 33 50 61 72 65 6e 74 4e 6f 74 41 63 63 65 73 73 69 62 6c 65 28 29 29 61 2e 70 61 72 61 6d 73 2e 6c 33 53 72 63 3d 31 2c 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 2e 70 6f 73 74 4d 65 73 73 61 67 65 28 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 61 29 2c 22 2a 22 29 3b 65 6c 73 65 20 74 72 79 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 2e 5f 6d 4e 44 65 74 61 69 6c 73 2e 74 72 69 67 67 65 72 41 64 54 61 67 45 76 65 6e 74 28 65 2c 74 2c 69 2c 72 29 7d 63 61 74 63 68 28 74 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 7a 65 28 74 2c 65 29 7b 74 72 79 Data Ascii: 1,window.parent.parent.postMessage(JSON.stringify(a),"");else if(util.isL3ParentNotAccessible())a.params.l3Src=1,window.parent.postMessage(JSON.stringify(a),"");else try{window.parent._mNDetails.triggerAdTagEvent(e,t,i,r)}catch(t){}}function ze(t,e){try

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.6	49807	23.211.6.95	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-02 23:43:08 UTC	1002	OUT	GET /bqi.php?lf=5&&vgd_l2type=setting&pid=8PO641UYD&cme=S4_cq7T57eCIr457wnOZONsOijxuA5EygvvxEjyXm71KTilyaTdTHRWOugo0C_JUn4twsFFYarKn93u4d6Wh6HMuQsMK5wWTGu1mrmPGv06hdWu24i6BYU93PtG7z1VQdB4ux8XjUQgg7DwLdqAoOijT7cYB0PZ7NTCBf9W5LFQjtZSGcztLSxTeV8g-zadF_C34PocyUZBlJYj8v-g9knLNYbSXoCou\|\|NDHRnZ9Gz3KXlI-i9OnZqQ==\|5gDUJdTGiJzedmq9hanWYg==\|sRBSg3CPSiQ=\|YdjFvixrVaHKWoanJxQ7pN1u-FbdnHzrNjhpugAcObH3UBK3ulwAWiVtoHi1pupYycuLTp-eXshvuac-oX9kgg==\|N7fu2vKt8_s=\|f5bf1u7fLjnm37la4OqE47RtCc7tk3v3IH31-me1miPZAj1YnQwQh2PphemVXLK4fAUBKHTKZdPfBF6Z3YxbAN_GIqcUs8MdLqegLZSBCy3hsW5q2MOql5UxuUCHNLvR17Gr4GMn9bf5Jf-OYIJvVpxHv8PIWqmXdxa1VL06H2CKusOFWLZA_QmNop8hTtZlFs_wuMW5dZSm1HenepcN0cikahOsfwZT\|&gdpr=0&prid=8PRVV7640&cid=8CU157172&crid=722878611&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&vi=1638488555296348136&ugd=4&cc=CH&sc=ZH&bdrid=4&startTime=1638520985695&l2type=setting&vgd_l1rakh=1638488555141945565&l1ch=1&sttm=1638520986209&upk=1638520983.26641&hvsid=00001638520986209014104136331365&verid=9999999&vgd_sc=ZH&infr=1&twna=1&vgd_hbReqId=T1638485630C8S34U173&l1hcsd=l1!N4\|8028&vgd_l1rhst=contextual.media.net&vgd_gdprcs=1&vgd_uspa=0&vgd_isiolc=0&clp=%7B%7D&cl=%7B%7D&rtbsd=10&bidData=sd2%3Dnull~bb%3D186~vv%3D0~erpm%3D0.04~ogerpm%3D0.04~MFB%3D10K~smm_bid%3D0.02~bm%3D0.9~smm_sd%3D2021120121~sid%3D722878611~sd%3D2~uid%3D2IaaKnuVnvziDdNYpZ~dc2%3D1~btd%3D14241703849787268410763125577306022343800731350682634986482226645438464~scd%3Dzh~uim%3D466966~url_tkc%3D0~ss%3D1280x1024~uiw%3D100~ce%3D1~xgb_sd%3D2021101600~last%3D0~CI%3D2624~ip%3D1xrX0Z~fbb%3D0~riipua%3D0%2C0~xgb_nt%3D101~nts%3D1~tb%3D-1~et%3D28~ct%3Dzurich~rc%3D8%2C1~basis2%3D196~url_b%3D0.04~basis1%3D196~isRef%3D0~lc%3D0~url_tvi%3D0~smm_wr%3D2.0898~url_l%3D50~xgboost_b%3D0.92~bid%3D0.02~xgb_b%3D0.92~dc%3D8~gcat%3D500884~ogbid%3D0.02%7C%7Ccbdp%3D0.02%7C%7Cbflag%3D0%7C%7Csobp%3D0%7C%7Cddiv%3D%25%25DFP_DIV%25%25%7C%7Cdmm%3D%25%25DMS_STRATEGY%25%25%7C%7Cdtc%3Dnydc%7C%7Cabte%3DCONTROL%7C%7Chsw%3D%25%25HAS_SECOND_WINNER%25%25~ibc%3D1~ddt%3D-1~nsz%3D1~tgs%3D300x250~bsb%3D0~bsp%3D0~tmx%3D200&matchString=hr%3D0&l2ch=1&l2wsip=2887305233&sethcsd=set!A18%7C8013&vgd_pgid=p11306311666t202112030843&vgd_pgids=1 HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: lg3.media.net Connection: Keep-Alive
2021-12-02 23:43:08 UTC	1005	IN	HTTP/1.1 200 OK Server: Apache Content-Length: 15 Content-Type: text/javascript;charset=UTF-8 ntCoent-Length: 15 Strict-Transport-Security: max-age=21600 Expires: Thu, 02 Dec 2021 23:43:08 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Thu, 02 Dec 2021 23:43:08 GMT Connection: close
2021-12-02 23:43:08 UTC	1005	IN	Data Raw: 76 61 72 20 6c 6f 67 67 65 64 20 3d 20 31 3b Data Ascii: var logged = 1;

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.6	49821	23.211.6.95	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-02 23:43:08 UTC	1005	OUT	GET /48/nrrV52461.js HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: contextual.media.net Connection: Keep-Alive Cookie: hbcm_sd=4%7C1638520979780
2021-12-02 23:43:08 UTC	1006	IN	HTTP/1.1 200 OK Server: Apache Content-Length: 91348 Content-Type: text/javascript; charset=utf-8 Pragma: max-age=2592000 ETag: "f3dcc1592ff35c4ac7631edb38265c3f" Strict-Transport-Security: max-age=604800 X-MNET-H: 8-12 Cache-Control: max-age=1209600 Expires: Thu, 16 Dec 2021 23:43:08 GMT Date: Thu, 02 Dec 2021 23:43:08 GMT Connection: close
2021-12-02 23:43:08 UTC	1006	IN	Data Raw: 76 61 72 20 5f 6d 4e 52 65 71 75 69 72 65 2c 5f 6d 4e 44 65 66 69 6e 65 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 63 3d 7b 7d 2c 75 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 61 28 65 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 65 7d 5f 6d 4e 52 65 71 75 69 72 65 3d 66 75 6e 63 74 69 6f 6e 20 65 28 74 2c 72 29 7b 76 61 72 20 6e 2c 69 2c 6f 3d 5b 5d 3b 66 6f 72 28 69 20 69 6e 20 74 29 74 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 69 29 26 26 28 22 6f 62 6a 65 63 74 22 21 3d 74 79 70 65 6f 66 28 6e 3d 74 5b 69 5d 29 26 26 76 6f 69 64 20 30 21 3d 3d 6e 3f 28 76 6f 69 64 20 30 21 3d 3d 63 5b 6e 5d 7c 7c 28 63 5b 6e 5d 3d 65 28 75 5b 6e 5d 2e 64 65 70 73 2c 75 5b 6e 5d 2e 63 Data Ascii: var _mNRequire,_mNDefine;!function(){"use strict";var c={},u={};function a(e){return"function"==typeof e}_mNRequire=function e(t,r){var n,i,o=[];for(i in t)t.hasOwnProperty(i)&&("object"!=typeof(n=t[i])&&void 0!==n?(void 0!==c[n]\|\|(c[n]=e(u[n].deps,u[n].c
2021-12-02 23:43:08 UTC	1009	IN	Data Raw: 3a 74 5b 6e 5d 29 29 29 3b 72 65 74 75 72 6e 20 6f 7d 66 75 6e 63 74 69 6f 6e 20 6e 28 74 2c 65 29 7b 73 28 74 29 26 26 28 65 3d 75 28 65 29 3f 65 3a 22 22 2c 72 5b 74 5d 3d 65 29 7d 66 75 6e 63 74 69 6f 6e 20 69 28 74 29 7b 72 65 74 75 72 6e 22 5b 6f 62 6a 65 63 74 20 41 72 72 61 79 5d 22 3d 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 2e 63 61 6c 6c 28 74 29 7d 66 75 6e 63 74 69 6f 6e 20 63 28 74 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 74 7d 66 75 6e 63 74 69 6f 6e 20 73 28 74 29 7b 72 65 74 75 72 6e 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 22 22 21 3d 3d 74 7d 66 75 6e 63 74 69 6f 6e 20 75 28 74 29 7b 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 74 29 7b 63 61 Data Ascii: :t[n])));return o}function n(t,e){s(t)&&(e=u(e)?e:"",r[t]=e)}function i(t){return"[object Array]"===Object.prototype.toString.call(t)}function c(t){return"function"==typeof t}function s(t){return"string"==typeof t&&""!==t}function u(t){switch(typeof t){ca
2021-12-02 23:43:08 UTC	1025	IN	Data Raw: 26 26 6f 2e 69 73 53 65 74 28 65 2e 68 6f 73 74 6e 61 6d 65 29 3f 65 2e 70 72 6f 74 6f 63 6f 6c 2b 22 2f 2f 22 2b 65 2e 68 6f 73 74 6e 61 6d 65 3a 6f 2e 69 73 53 65 74 28 65 2e 68 72 65 66 29 3f 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 69 66 28 2d 31 3c 65 2e 69 6e 64 65 78 4f 66 28 22 2f 2f 22 29 29 72 65 74 75 72 6e 20 65 3d 28 74 3d 65 2e 73 70 6c 69 74 28 22 2f 22 29 29 5b 30 5d 2b 22 2f 2f 22 2b 74 5b 32 5d 7d 28 65 2e 68 72 65 66 29 3a 76 6f 69 64 20 30 7d 2c 73 65 74 54 61 72 67 65 74 4f 66 45 6c 65 6d 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 65 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 61 72 67 65 74 22 2c 74 29 7d 2c 67 65 74 54 61 72 67 65 74 4f 66 45 6c 65 6d 65 6e 74 46 6f 72 4c 6f 67 67 69 6e 67 3a 66 75 6e 63 Data Ascii: &&o.isSet(e.hostname)?e.protocol+"//"+e.hostname:o.isSet(e.href)?function(e){var t;if(-1<e.indexOf("//"))return e=(t=e.split("/"))[0]+"//"+t[2]}(e.href):void 0},setTargetOfElement:function(e,t){e.setAttribute("target",t)},getTargetOfElementForLogging:func
2021-12-02 23:43:08 UTC	1033	IN	Data Raw: 75 6e 63 74 69 6f 6e 20 67 28 74 2c 65 2c 69 29 7b 69 66 28 21 74 2e 69 70 61 74 68 29 72 65 74 75 72 6e 2d 31 3d 3d 65 2e 73 72 63 2e 69 6e 64 65 78 4f 66 28 22 34 30 34 5f 31 58 31 22 29 26 26 28 69 2e 73 74 79 6c 65 2e 76 69 73 69 62 69 6c 69 74 79 3d 22 76 69 73 69 62 6c 65 22 29 2c 7a 65 28 22 6e 6c 22 2c 74 29 2c 63 28 65 29 2c 30 3b 76 61 72 20 72 2c 61 2c 6e 2c 6f 3d 6e 65 77 20 49 6d 61 67 65 2c 64 3d 28 64 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 74 72 79 7b 72 65 74 75 72 6e 7b 77 69 64 74 68 3a 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 77 69 64 74 68 22 29 7c 7c 65 2e 77 69 64 74 68 7c 7c 70 61 72 73 65 49 6e 74 28 74 2e 6d 61 74 63 68 28 2f 77 69 64 74 68 3d 28 5b 22 27 30 2d 39 5d 2b 29 2f 29 5b 31 5d 2e 72 65 70 6c 61 63 65 28 2f Data Ascii: unction g(t,e,i){if(!t.ipath)return-1==e.src.indexOf("404_1X1")&&(i.style.visibility="visible"),ze("nl",t),c(e),0;var r,a,n,o=new Image,d=(d=function(e,t){try{return{width:e.getAttribute("width")\|\|e.width\|\|parseInt(t.match(/width=(["'0-9]+)/)[1].replace(/
2021-12-02 23:43:08 UTC	1049	IN	Data Raw: 65 6c 69 6e 65 28 74 2c 6d 65 74 61 50 61 72 61 6d 55 74 69 6c 2e 6c 67 50 70 5b 74 5d 29 7d 28 29 2c 53 2e 61 64 64 50 61 69 72 54 6f 50 69 70 65 6c 69 6e 65 28 63 6f 6d 6d 6f 6e 43 6f 6e 73 74 61 6e 74 73 2e 4c 4f 47 5f 50 49 50 45 4c 49 4e 45 2e 4f 50 54 5f 4f 55 54 2c 55 69 28 29 3f 31 3a 30 29 2c 52 26 26 28 74 28 5b 22 64 6d 61 22 2c 63 6f 6d 6d 6f 6e 43 6f 6e 73 74 61 6e 74 73 2e 4c 4f 47 5f 50 49 50 45 4c 49 4e 45 2e 4d 41 43 52 4f 5f 56 49 53 49 54 4f 52 5f 49 44 2c 63 6f 6d 6d 6f 6e 43 6f 6e 73 74 61 6e 74 73 2e 4c 4f 47 5f 50 49 50 45 4c 49 4e 45 2e 4c 32 5f 54 59 50 45 2c 22 6c 32 63 68 22 2c 22 72 65 73 64 6e 22 5d 2c 21 31 29 2c 74 28 5b 22 63 64 6e 68 22 2c 22 6c 31 65 73 69 64 22 5d 2c 21 30 29 29 2c 65 3d 63 6f 6d 6d 6f 6e 43 6f 6e 73 74 Data Ascii: eline(t,metaParamUtil.lgPp[t])}(),S.addPairToPipeline(commonConstants.LOG_PIPELINE.OPT_OUT,Ui()?1:0),R&&(t(["dma",commonConstants.LOG_PIPELINE.MACRO_VISITOR_ID,commonConstants.LOG_PIPELINE.L2_TYPE,"l2ch","resdn"],!1),t(["cdnh","l1esid"],!0)),e=commonConst
2021-12-02 23:43:08 UTC	1057	IN	Data Raw: 6d 55 74 69 6c 2e 6d 69 73 63 2e 66 72 42 64 72 49 64 2b 74 7d 72 65 74 75 72 6e 20 55 74 28 29 7d 28 29 2b 22 26 22 2b 6a 74 2b 22 26 72 63 3d 22 2b 72 3b 72 3d 50 28 29 3b 75 74 69 6c 2e 69 73 53 65 74 28 72 29 26 26 28 61 2b 3d 22 26 6b 73 75 3d 22 2b 72 29 3b 72 3d 22 22 3b 69 66 28 75 74 69 6c 2e 69 73 53 74 72 69 6e 67 53 65 74 28 72 3d 50 65 28 22 61 69 64 22 29 29 3f 61 2b 3d 22 26 76 67 64 5f 6f 70 70 5f 69 64 3d 22 2b 72 3a 75 74 69 6c 2e 69 73 53 74 72 69 6e 67 53 65 74 28 72 3d 44 2e 61 63 69 64 29 26 26 28 61 2b 3d 22 26 61 63 69 64 3d 22 2b 72 29 2c 75 74 69 6c 2e 69 73 53 74 72 69 6e 67 53 65 74 28 48 65 28 29 29 26 26 75 74 69 6c 2e 61 64 64 56 67 44 61 74 61 28 22 6c 33 5f 73 63 22 2c 48 65 28 29 29 2c 22 22 21 3d 78 65 28 29 26 26 28 61 Data Ascii: mUtil.misc.frBdrId+t}return Ut()}()+"&"+jt+"&rc="+r;r=P();util.isSet(r)&&(a+="&ksu="+r);r="";if(util.isStringSet(r=Pe("aid"))?a+="&vgd_opp_id="+r:util.isStringSet(r=D.acid)&&(a+="&acid="+r),util.isStringSet(He())&&util.addVgData("l3_sc",He()),""!=xe()&&(a
2021-12-02 23:43:08 UTC	1073	IN	Data Raw: 2c 22 74 6f 70 3d 30 22 2c 22 73 63 72 6f 6c 6c 62 61 72 73 3d 79 65 73 22 2c 22 74 6f 6f 6c 62 61 72 3d 79 65 73 22 2c 22 6c 6f 63 61 74 69 6f 6e 3d 79 65 73 22 2c 22 70 65 72 73 6f 6e 61 6c 62 61 72 3d 79 65 73 22 2c 22 73 74 61 74 75 73 3d 79 65 73 22 2c 22 72 65 73 69 7a 61 62 6c 65 3d 79 65 73 22 2c 22 74 69 74 6c 65 62 61 72 3d 79 65 73 22 5d 2c 69 3d 22 41 64 43 6c 69 63 6b 22 2b 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 2c 72 3d 77 69 6e 64 6f 77 2e 6f 70 65 6e 28 74 68 69 73 2e 68 72 65 66 2c 69 2c 65 2e 6a 6f 69 6e 28 22 2c 22 29 29 3b 69 66 28 6e 75 6c 6c 21 3d 3d 72 29 7b 74 72 79 7b 72 2e 6d 6f 76 65 54 6f 26 26 72 2e 6d 6f 76 65 54 6f 28 30 2c 30 29 7d 63 61 74 63 68 28 74 29 7b 7d 69 66 28 21 28 74 3d 74 7c 7c 77 69 6e 64 Data Ascii: ,"top=0","scrollbars=yes","toolbar=yes","location=yes","personalbar=yes","status=yes","resizable=yes","titlebar=yes"],i="AdClick"+(new Date).getTime(),r=window.open(this.href,i,e.join(","));if(null!==r){try{r.moveTo&&r.moveTo(0,0)}catch(t){}if(!(t=t\|\|wind
2021-12-02 23:43:08 UTC	1081	IN	Data Raw: 31 2c 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 2e 70 61 72 65 6e 74 2e 70 6f 73 74 4d 65 73 73 61 67 65 28 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 61 29 2c 22 2a 22 29 3b 65 6c 73 65 20 69 66 28 75 74 69 6c 2e 69 73 4c 33 50 61 72 65 6e 74 4e 6f 74 41 63 63 65 73 73 69 62 6c 65 28 29 29 61 2e 70 61 72 61 6d 73 2e 6c 33 53 72 63 3d 31 2c 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 2e 70 6f 73 74 4d 65 73 73 61 67 65 28 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 61 29 2c 22 2a 22 29 3b 65 6c 73 65 20 74 72 79 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 2e 5f 6d 4e 44 65 74 61 69 6c 73 2e 74 72 69 67 67 65 72 41 64 54 61 67 45 76 65 6e 74 28 65 2c 74 2c 69 2c 72 29 7d 63 61 74 63 68 28 74 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 7a 65 28 74 2c 65 29 7b 74 72 79 Data Ascii: 1,window.parent.parent.postMessage(JSON.stringify(a),"");else if(util.isL3ParentNotAccessible())a.params.l3Src=1,window.parent.postMessage(JSON.stringify(a),"");else try{window.parent._mNDetails.triggerAdTagEvent(e,t,i,r)}catch(t){}}function ze(t,e){try

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.6	49792	23.211.6.95	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-02 23:42:50 UTC	806	OUT	GET /bping.php?&gdpr=0&prid=8PRVV7640&cid=8CU157172&crid=858412214&vi=1638488555656014322&ugd=4&lf=6&cc=CH&sc=ZH&lper=50&wsip=2886781044&r=1638520979551&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&vgd_l2type=setting&vgd_sbSup=0&vgd_is_amp=0&vgd_asn=60068&vgd_rakh=1638488555181756319&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fmedianet.php&vgd_pgid=p11306311666t202112030842&vgd_pgids=1&vgd_gdprcs=1&vgd_uspa=0&hvsid=00001638520979548014104136331645&gdpr=0&vgd_end=1 HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: lg3.media.net Connection: Keep-Alive
2021-12-02 23:42:50 UTC	807	IN	HTTP/1.1 200 OK Server: Apache Content-Length: 35 Content-Type: image/gif Strict-Transport-Security: max-age=21600 Expires: Thu, 02 Dec 2021 23:42:50 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Thu, 02 Dec 2021 23:42:50 GMT Connection: close
2021-12-02 23:42:50 UTC	807	IN	Data Raw: 47 49 46 38 37 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 2c 00 00 00 00 01 00 01 00 00 02 02 4c 01 00 3b Data Ascii: GIF87a,L;

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.6	49793	23.211.6.95	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-02 23:42:51 UTC	807	OUT	GET /checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=6&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,usp HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: contextual.media.net Connection: Keep-Alive Cookie: hbcm_sd=1%7C1638520979780
2021-12-02 23:42:51 UTC	809	IN	HTTP/1.1 200 OK Server: Apache Content-Length: 204 Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=604800 Cache-Control: max-age=657589 Date: Thu, 02 Dec 2021 23:42:51 GMT Connection: close
2021-12-02 23:42:51 UTC	809	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 20 66 61 69 6c 65 64 3a 20 53 51 4c 53 54 41 54 45 5b 48 59 30 30 30 5d 20 5b 32 30 30 36 5d 20 4d 79 53 51 4c 20 73 65 72 76 65 72 20 68 61 73 20 67 6f 6e 65 20 61 77 61 79 43 6f 6e 6e 65 63 74 69 6f 6e 20 66 61 69 6c 65 64 3a 20 53 51 4c 53 54 41 54 45 5b 48 59 30 30 30 5d 20 5b 32 30 30 36 5d 20 4d 79 53 51 4c 20 73 65 72 76 65 72 20 68 61 73 20 67 6f 6e 65 20 61 77 61 79 43 6f 6e 6e 65 63 74 69 6f 6e 20 66 61 69 6c 65 64 3a 20 53 51 4c 53 54 41 54 45 5b 48 59 30 30 30 5d 20 5b 32 30 30 36 5d 20 4d 79 53 51 4c 20 73 65 72 76 65 72 20 68 61 73 20 67 6f 6e 65 20 61 77 61 79 Data Ascii: Connection failed: SQLSTATE[HY000] [2006] MySQL server has gone awayConnection failed: SQLSTATE[HY000] [2006] MySQL server has gone awayConnection failed: SQLSTATE[HY000] [2006] MySQL server has gone away

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.6	49790	23.211.6.95	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-02 23:42:51 UTC	808	OUT	GET /rtbsmpubs.php?&gdpr=0&gdprconsent=1&usp_enf=1&usp_status=0&cid=8HBI57XIG&region=nv&ptrid=8PR68Q253&requestString=6704687434%7C300x250%7C8CU157172%7C858412214%7C&crid=670468743&sd=1&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&bl=1&rt=5&dn=https://contextual.media.net&https=1&act=headerBid&prvReqId=655139198087331261638520979902&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.17810036448631755&ndec=1&scrsize=1280x1024&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A284%2C%22vh%22%3A271%2C%22ph%22%3A271%7D&itype=HB-CM&cc=CH&rc=ZH&ct=ZURICH&bt=1&gcp=1&isRefresh=0&callback=window.hbCMBidxc.rtbsheaderBid3S0 HTTP/1.1 Accept: application/javascript, /*;q=0.8 Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: contextual.media.net Connection: Keep-Alive Cookie: hbcm_sd=1%7C1638520979780
2021-12-02 23:42:51 UTC	809	IN	HTTP/1.1 200 OK Server: Apache Content-Length: 4169 Content-Type: text/javascript X-MNET-HL2: E Timing-Allow-Origin: * Strict-Transport-Security: max-age=604800 Expires: Thu, 02 Dec 2021 23:42:51 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Thu, 02 Dec 2021 23:42:51 GMT Connection: close
2021-12-02 23:42:51 UTC	809	IN	Data Raw: 20 Data Ascii:
2021-12-02 23:42:51 UTC	809	IN	Data Raw: 77 69 6e 64 6f 77 2e 68 62 43 4d 42 69 64 78 63 2e 72 74 62 73 68 65 61 64 65 72 42 69 64 33 53 30 28 7b 22 70 69 6e 66 6f 22 3a 7b 22 34 22 3a 7b 22 61 64 43 6f 64 65 54 79 70 65 22 3a 22 42 41 4e 4e 45 52 22 2c 22 61 64 46 6f 72 6d 61 74 22 3a 22 68 74 6d 6c 22 2c 22 61 65 22 3a 66 61 6c 73 65 7d 7d 2c 22 6d 65 74 61 22 3a 7b 22 61 75 63 74 69 6f 6e 5f 69 64 22 3a 22 37 36 31 31 32 32 33 39 37 36 32 39 39 36 38 35 39 5f 35 33 31 37 35 37 32 39 22 2c 22 72 65 67 69 6f 6e 22 3a 22 6e 79 64 63 22 2c 22 76 63 66 6c 22 3a 66 61 6c 73 65 2c 22 73 65 72 76 65 72 49 64 22 3a 22 63 31 30 2d 6d 6f 77 78 2d 70 72 6f 64 2d 31 22 2c 22 61 70 69 64 22 3a 31 2c 22 70 72 76 52 65 71 49 64 22 3a 22 36 35 35 31 33 39 31 39 38 30 38 37 33 33 31 32 36 31 36 33 38 35 32 30 Data Ascii: window.hbCMBidxc.rtbsheaderBid3S0({"pinfo":{"4":{"adCodeType":"BANNER","adFormat":"html","ae":false}},"meta":{"auction_id":"76112239762996859_53175729","region":"nydc","vcfl":false,"serverId":"c10-mowx-prod-1","apid":1,"prvReqId":"655139198087331261638520

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.6	49798	23.211.6.95	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-02 23:42:57 UTC	814	OUT	GET /checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=5&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,usp HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: contextual.media.net Connection: Keep-Alive Cookie: hbcm_sd=2%7C1638520979780
2021-12-02 23:42:57 UTC	814	IN	HTTP/1.1 200 OK Server: Apache Content-Length: 204 Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=604800 Cache-Control: max-age=657583 Date: Thu, 02 Dec 2021 23:42:57 GMT Connection: close
2021-12-02 23:42:57 UTC	814	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 20 66 61 69 6c 65 64 3a 20 53 51 4c 53 54 41 54 45 5b 48 59 30 30 30 5d 20 5b 32 30 30 36 5d 20 4d 79 53 51 4c 20 73 65 72 76 65 72 20 68 61 73 20 67 6f 6e 65 20 61 77 61 79 43 6f 6e 6e 65 63 74 69 6f 6e 20 66 61 69 6c 65 64 3a 20 53 51 4c 53 54 41 54 45 5b 48 59 30 30 30 5d 20 5b 32 30 30 36 5d 20 4d 79 53 51 4c 20 73 65 72 76 65 72 20 68 61 73 20 67 6f 6e 65 20 61 77 61 79 43 6f 6e 6e 65 63 74 69 6f 6e 20 66 61 69 6c 65 64 3a 20 53 51 4c 53 54 41 54 45 5b 48 59 30 30 30 5d 20 5b 32 30 30 36 5d 20 4d 79 53 51 4c 20 73 65 72 76 65 72 20 68 61 73 20 67 6f 6e 65 20 61 77 61 79 Data Ascii: Connection failed: SQLSTATE[HY000] [2006] MySQL server has gone awayConnection failed: SQLSTATE[HY000] [2006] MySQL server has gone awayConnection failed: SQLSTATE[HY000] [2006] MySQL server has gone away

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.6	49799	23.211.6.95	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-02 23:42:57 UTC	815	OUT	GET /rtbsmpubs.php?&gdpr=0&gdprconsent=1&usp_enf=1&usp_status=0&cid=8HBI57XIG&region=nv&ptrid=8PR68Q253&requestString=9765319144%7C300x250%7C8CU157172%7C722878611%7C&crid=976531914&sd=2&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&bl=1&rt=5&dn=https://contextual.media.net&https=1&act=headerBid&prvReqId=695089110086948631638520986847&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.519716239585557&ndec=1&scrsize=1280x1024&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A284%2C%22vh%22%3A271%2C%22ph%22%3A271%7D&itype=HB-CM&cc=CH&rc=ZH&ct=ZURICH&bt=1&gcp=1&isRefresh=0&callback=window.hbCMBidxc.rtbsheaderBid3S0 HTTP/1.1 Accept: application/javascript, /*;q=0.8 Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: contextual.media.net Connection: Keep-Alive Cookie: hbcm_sd=2%7C1638520979780
2021-12-02 23:42:58 UTC	816	IN	HTTP/1.1 200 OK Server: Apache Content-Length: 4175 Content-Type: text/javascript X-MNET-HL2: E Timing-Allow-Origin: * Strict-Transport-Security: max-age=604800 Expires: Thu, 02 Dec 2021 23:42:57 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Thu, 02 Dec 2021 23:42:57 GMT Connection: close
2021-12-02 23:42:58 UTC	816	IN	Data Raw: 20 Data Ascii:
2021-12-02 23:42:58 UTC	816	IN	Data Raw: 77 69 6e 64 6f 77 2e 68 62 43 4d 42 69 64 78 63 2e 72 74 62 73 68 65 61 64 65 72 42 69 64 33 53 30 28 7b 22 70 69 6e 66 6f 22 3a 7b 22 34 22 3a 7b 22 61 64 43 6f 64 65 54 79 70 65 22 3a 22 42 41 4e 4e 45 52 22 2c 22 61 64 46 6f 72 6d 61 74 22 3a 22 68 74 6d 6c 22 2c 22 61 65 22 3a 66 61 6c 73 65 7d 7d 2c 22 6d 65 74 61 22 3a 7b 22 61 75 63 74 69 6f 6e 5f 69 64 22 3a 22 35 36 35 31 34 31 35 32 36 35 31 34 32 32 35 38 5f 31 30 30 36 37 31 32 37 33 33 22 2c 22 72 65 67 69 6f 6e 22 3a 22 6e 79 64 63 22 2c 22 76 63 66 6c 22 3a 66 61 6c 73 65 2c 22 73 65 72 76 65 72 49 64 22 3a 22 63 31 30 2d 6d 6f 77 78 2d 77 65 62 2d 34 33 22 2c 22 61 70 69 64 22 3a 31 2c 22 70 72 76 52 65 71 49 64 22 3a 22 36 39 35 30 38 39 31 31 30 30 38 36 39 34 38 36 33 31 36 33 38 35 32 Data Ascii: window.hbCMBidxc.rtbsheaderBid3S0({"pinfo":{"4":{"adCodeType":"BANNER","adFormat":"html","ae":false}},"meta":{"auction_id":"5651415265142258_1006712733","region":"nydc","vcfl":false,"serverId":"c10-mowx-web-43","apid":1,"prvReqId":"69508911008694863163852

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.6	49802	23.211.6.95	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-02 23:42:58 UTC	820	OUT	GET /803288796/fcmain.js?cb=window._mNDetails.initAd&&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3D%3D&crid=858412214&size=306x271&cc=CH&https=1&vif=2&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&nse=5&vi=1638488555656014322&ugd=4&rtbs=1&nb=1 HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: contextual.media.net Connection: Keep-Alive Cookie: hbcm_sd=4%7C1638520979780
2021-12-02 23:42:58 UTC	821	IN	HTTP/1.1 200 OK Server: Apache Content-Length: 39425 Content-Type: text/javascript X-MNT-HL2: 8-18 X-MNT-W: 21-xj05 Strict-Transport-Security: max-age=604800 Expires: Thu, 02 Dec 2021 23:42:58 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Thu, 02 Dec 2021 23:42:58 GMT Connection: close
2021-12-02 23:42:58 UTC	821	IN	Data Raw: 20 20 20 20 Data Ascii:
2021-12-02 23:42:58 UTC	821	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3b 77 69 6e 64 6f 77 2e 5f 6d 4e 44 65 74 61 69 6c 73 2e 69 6e 69 74 41 64 28 7b 22 76 69 22 3a 22 31 36 33 38 34 38 38 35 35 35 36 35 36 30 31 34 33 32 32 22 2c 22 73 22 3a 7b 22 5f 6d 4e 4c 32 22 3a 7b 22 73 69 7a 65 22 3a 22 33 30 36 78 32 37 31 22 2c 22 76 69 43 6f 6d 70 22 3a 22 31 36 33 38 34 38 35 33 31 34 32 36 31 32 32 39 37 33 33 22 2c 22 68 69 64 65 41 64 55 6e 69 74 41 42 50 22 3a 74 72 75 65 2c 22 61 62 70 6c 22 3a 22 33 22 2c 22 63 75 73 74 48 74 22 3a 22 22 2c 22 73 65 74 4c 33 31 30 30 22 3a 22 31 22 7d 2c 22 6c 68 70 22 3a 7b 22 6c 32 77 73 69 70 22 3a 22 31 37 30 37 32 31 36 33 31 22 2c 22 6c 32 61 63 22 3a 22 22 2c 22 73 65 74 68 63 73 64 22 3a 22 73 65 74 21 41 31 38 7c 38 30 31 33 22 7d 2c 22 Data Ascii: ;window._mNDetails.initAd({"vi":"1638488555656014322","s":{"_mNL2":{"size":"306x271","viComp":"1638485314261229733","hideAdUnitABP":true,"abpl":"3","custHt":"","setL3100":"1"},"lhp":{"l2wsip":"170721631","l2ac":"","sethcsd":"set!A18\|8013"},"
2021-12-02 23:42:58 UTC	837	IN	Data Raw: 74 36 63 74 33 37 74 34 34 74 36 62 74 33 32 74 36 36 74 34 63 74 35 33 74 34 39 74 36 38 74 36 38 74 36 33 74 36 31 74 36 33 74 35 37 74 33 30 74 37 37 74 36 35 74 36 61 74 37 30 74 36 64 74 35 35 74 35 35 74 35 33 74 34 35 74 34 35 74 37 30 74 33 37 74 34 38 74 37 36 74 34 62 74 35 32 74 35 31 74 32 35 74 33 33 74 34 34 74 32 35 74 33 33 74 34 34 74 32 35 74 33 37 74 34 33 74 34 65 74 33 37 74 36 36 74 37 35 74 33 32 74 37 36 74 34 62 74 37 34 74 33 38 74 35 66 74 37 33 74 32 35 74 33 33 74 34 34 74 32 35 74 33 37 74 34 33 74 33 32 74 35 36 74 36 66 74 33 31 74 36 33 74 37 33 74 34 62 74 33 30 74 33 36 74 34 35 74 36 63 74 35 31 74 35 36 74 36 64 74 33 39 74 37 37 74 37 34 74 36 34 74 33 37 74 36 62 74 36 64 74 37 39 74 36 38 74 35 35 74 36 34 74 33 38 Data Ascii: t6ct37t44t6bt32t66t4ct53t49t68t68t63t61t63t57t30t77t65t6at70t6dt55t55t53t45t45t70t37t48t76t4bt52t51t25t33t44t25t33t44t25t37t43t4et37t66t75t32t76t4bt74t38t5ft73t25t33t44t25t37t43t32t56t6ft31t63t73t4bt30t36t45t6ct51t56t6dt39t77t74t64t37t6bt6dt79t68t55t64t38
2021-12-02 23:42:58 UTC	845	IN	Data Raw: 33 30 74 33 39 74 33 38 74 36 33 74 32 65 74 36 61 74 37 30 74 36 37 74 33 66 74 37 36 74 33 64 74 33 39 77 78 77 74 36 34 74 37 34 74 34 39 74 36 34 77 79 74 36 65 74 37 35 74 36 63 74 36 63 78 77 74 36 34 74 37 34 77 79 77 74 34 34 74 36 39 74 36 35 7a 74 36 32 74 36 35 74 37 33 74 37 34 74 36 35 74 36 65 7a 74 34 61 74 36 35 74 36 31 74 36 65 74 37 33 7a 74 36 36 74 35 63 74 37 35 74 33 30 74 33 30 74 36 36 74 36 33 74 37 32 7a 74 34 36 74 37 32 74 36 31 74 37 35 74 36 35 74 36 65 77 78 77 74 36 62 74 36 33 77 79 77 74 35 33 74 36 38 74 36 66 74 37 30 74 37 30 74 36 39 74 36 65 74 36 37 7a 74 33 65 7a 74 34 31 74 37 30 74 37 30 74 36 31 74 37 32 74 36 35 74 36 63 7a 74 33 65 7a 74 35 37 74 36 66 74 36 64 74 36 35 74 36 65 74 32 37 74 37 33 7a 74 34 33 Data Ascii: 30t39t38t63t2et6at70t67t3ft76t3dt39wxwt64t74t49t64wyt6et75t6ct6cxwt64t74wywt44t69t65zt62t65t73t74t65t6ezt4at65t61t6et73zt66t5ct75t30t30t66t63t72zt46t72t61t75t65t6ewxwt6bt63wywt53t68t6ft70t70t69t6et67zt3ezt41t70t70t61t72t65t6czt3ezt57t6ft6dt65t6et27t73zt43

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.6	49801	23.211.6.95	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-02 23:42:58 UTC	859	OUT	GET /checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=1053&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,usp HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: contextual.media.net Connection: Keep-Alive Cookie: hbcm_sd=4%7C1638520979780
2021-12-02 23:42:58 UTC	860	IN	HTTP/1.1 200 OK Server: Apache Content-Length: 204 Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=604800 Cache-Control: max-age=657582 Date: Thu, 02 Dec 2021 23:42:58 GMT Connection: close
2021-12-02 23:42:58 UTC	860	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 20 66 61 69 6c 65 64 3a 20 53 51 4c 53 54 41 54 45 5b 48 59 30 30 30 5d 20 5b 32 30 30 36 5d 20 4d 79 53 51 4c 20 73 65 72 76 65 72 20 68 61 73 20 67 6f 6e 65 20 61 77 61 79 43 6f 6e 6e 65 63 74 69 6f 6e 20 66 61 69 6c 65 64 3a 20 53 51 4c 53 54 41 54 45 5b 48 59 30 30 30 5d 20 5b 32 30 30 36 5d 20 4d 79 53 51 4c 20 73 65 72 76 65 72 20 68 61 73 20 67 6f 6e 65 20 61 77 61 79 43 6f 6e 6e 65 63 74 69 6f 6e 20 66 61 69 6c 65 64 3a 20 53 51 4c 53 54 41 54 45 5b 48 59 30 30 30 5d 20 5b 32 30 30 36 5d 20 4d 79 53 51 4c 20 73 65 72 76 65 72 20 68 61 73 20 67 6f 6e 65 20 61 77 61 79 Data Ascii: Connection failed: SQLSTATE[HY000] [2006] MySQL server has gone awayConnection failed: SQLSTATE[HY000] [2006] MySQL server has gone awayConnection failed: SQLSTATE[HY000] [2006] MySQL server has gone away

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.6	49800	23.211.6.95	443	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-02 23:42:58 UTC	860	OUT	GET /checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=7479&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,usp HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Referer: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: contextual.media.net Connection: Keep-Alive Cookie: hbcm_sd=4%7C1638520979780
2021-12-02 23:42:58 UTC	861	IN	HTTP/1.1 200 OK Server: Apache Content-Length: 204 Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=604800 Cache-Control: max-age=657582 Date: Thu, 02 Dec 2021 23:42:58 GMT Connection: close
2021-12-02 23:42:58 UTC	861	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 20 66 61 69 6c 65 64 3a 20 53 51 4c 53 54 41 54 45 5b 48 59 30 30 30 5d 20 5b 32 30 30 36 5d 20 4d 79 53 51 4c 20 73 65 72 76 65 72 20 68 61 73 20 67 6f 6e 65 20 61 77 61 79 43 6f 6e 6e 65 63 74 69 6f 6e 20 66 61 69 6c 65 64 3a 20 53 51 4c 53 54 41 54 45 5b 48 59 30 30 30 5d 20 5b 32 30 30 36 5d 20 4d 79 53 51 4c 20 73 65 72 76 65 72 20 68 61 73 20 67 6f 6e 65 20 61 77 61 79 43 6f 6e 6e 65 63 74 69 6f 6e 20 66 61 69 6c 65 64 3a 20 53 51 4c 53 54 41 54 45 5b 48 59 30 30 30 5d 20 5b 32 30 30 36 5d 20 4d 79 53 51 4c 20 73 65 72 76 65 72 20 68 61 73 20 67 6f 6e 65 20 61 77 61 79 Data Ascii: Connection failed: SQLSTATE[HY000] [2006] MySQL server has gone awayConnection failed: SQLSTATE[HY000] [2006] MySQL server has gone awayConnection failed: SQLSTATE[HY000] [2006] MySQL server has gone away

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll32.exe PID: 3272 Parent PID: 3528

General

Start time:	00:42:25
Start date:	03/12/2021
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll"
Imagebase:	0xb80000
File size:	893440 bytes
MD5 hash:	72FCD8FB0ADC38ED9050569AD673650E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: cmd.exe PID: 352 Parent PID: 3272

General

Start time:	00:42:25
Start date:	03/12/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",#1
Imagebase:	0x2a0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: regsvr32.exe PID: 3912 Parent PID: 3272

General

Start time:	00:42:25
Start date:	03/12/2021
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	regsvr32.exe /s C:\Users\user\Desktop\mATFWhYtPk.dll
Imagebase:	0xac0000
File size:	20992 bytes
MD5 hash:	426E7499F6A7346F0410DEAD0805586B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: rundll32.exe PID: 1936 Parent PID: 352

General

Start time:	00:42:25
Start date:	03/12/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",#1
Imagebase:	0x130000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: iexplore.exe PID: 5868 Parent PID: 3272

General

Start time:	00:42:26
Start date:	03/12/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Internet Explorer\iexplore.exe
Imagebase:	0x7ff721e20000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: rundll32.exe PID: 2976 Parent PID: 3272

General

Start time:	00:42:26
Start date:	03/12/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\mATFWhYtPk.dll,DllRegisterServer
Imagebase:	0x130000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: iexplore.exe PID: 6044 Parent PID: 5868

General

Start time:	00:42:27
Start date:	03/12/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5868 CREDAT:17410 /prefetch:2
Imagebase:	0xe90000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: rundll32.exe PID: 4536 Parent PID: 3272

General

Start time:	00:42:33
Start date:	03/12/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\mATFWhYtPk.dll,asbiqstaeqzsycc
Imagebase:	0x130000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: rundll32.exe PID: 6548 Parent PID: 3272

General

Start time:	00:42:37
Start date:	03/12/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\mATFWhYtPk.dll,atwuhkycfybkj
Imagebase:	0x130000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: svchost.exe PID: 6340 Parent PID: 560

General

Start time:	00:43:49
Start date:	03/12/2021
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff6b7590000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: rundll32.exe PID: 4596 Parent PID: 1936

General

Start time:	00:46:03
Start date:	03/12/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer
Imagebase:	0x130000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: rundll32.exe PID: 3516 Parent PID: 3912

General

Start time:	00:46:03
Start date:	03/12/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer
Imagebase:	0x130000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: rundll32.exe PID: 5796 Parent PID: 2976

General

Start time:	00:46:14
Start date:	03/12/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Uexmfpkplvbbrf\jerrpf.tlt",SfMITlqpKAP
Imagebase:	0x130000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: rundll32.exe PID: 2784 Parent PID: 4536

General

Start time:	00:46:16
Start date:	03/12/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer
Imagebase:	0x130000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: rundll32.exe PID: 5812 Parent PID: 6548

General

Start time:	00:46:20
Start date:	03/12/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer
Imagebase:	0x130000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: rundll32.exe PID: 5952 Parent PID: 3272

General

Start time:	00:46:20
Start date:	03/12/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer
Imagebase:	0x130000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. Regsvr32.exe is also a Microsoft signed binary.
Tactics:	Defense Evasion
Data Sources:	Loaded DLLs, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report mATFWhYtPk

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Version Infos

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Code Manipulations

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre