Windows Analysis Report
audiosrv.dll

Overview

General Information

Sample name: audiosrv.dll
Analysis ID: 1544424
MD5: d9b1327b71d0b2c51845b081ca3fe1c4
SHA1: 3ab1e90dd27462e6c5c1047048433ef4627bb672
SHA256: c6f7c77c55a58bc37b2ea35baa35781bcead5dd48baf6c04e2f4a15fdedb14f4

Detection

Matanbuchus
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Yara detected Matanbuchus
Creates a process in suspended mode (likely to inject code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Registers a DLL
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Network Connection Initiated By Regsvr32.EXE
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Yara signature match

Classification

Name: Matanbuchus
Description: According to PCrisk, Matanbuchus is a loader-type malicious program offered by its developers as Malware-as-a-Service (MaaS). This piece of software is designed to cause chain infections. Since it is used as a MaaS, both the malware it infiltrates into systems, and the attack reasons can vary - depending on the cyber criminals operating it. Matanbuchus has been observed being used in attacks against US universities and high schools, as well as a Belgian high-tech organization.
Attribution: No Attribution
Blogpost URLs / Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.matanbuchus
Source: audiosrv.dll Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL
Source: unknown HTTPS traffic detected: 76.223.105.230:443 -> 192.168.2.5:49796 version: TLS 1.2
Source: unknown HTTPS traffic detected: 76.223.105.230:443 -> 192.168.2.5:49804 version: TLS 1.2
Source: unknown HTTPS traffic detected: 76.223.105.230:443 -> 192.168.2.5:49811 version: TLS 1.2

Networking

Source: C:\Windows\SysWOW64\regsvr32.exe Network Connect: 76.223.105.230 443
Source: global traffic HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/QXms.xml HTTP/1.1 Host: manageintel.com Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/QXms.xml HTTP/1.1 Host: manageintel.com Cache-Control: no-cache Cookie: dps_site_id=us-east-2
Source: global traffic HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/BhJM.xml HTTP/1.1 Host: manageintel.com Cache-Control: no-cache Cookie: dps_site_id=us-east-2
Source: global traffic HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/BhJM.xml HTTP/1.1 Host: manageintel.com Cache-Control: no-cache Cookie: dps_site_id=us-east-2
Source: global traffic HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/BhJM.xml HTTP/1.1 Host: manageintel.com Cache-Control: no-cache Cookie: dps_site_id=us-east-2
Source: Joe Sandbox View IP Address: 76.223.105.230
Source: Joe Sandbox View ASN Name: AMAZON-02US
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49796 -> 76.223.105.230:443
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: manageintel.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundLink: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.43.0.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2>; rel=preload; as=font; crossorigin,<https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossoriginCache-Control: max-age=30Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.comContent-Type: text/html;charset=utf-8Vary: Accept-EncodingServer: DPS/2.0.0+sha-a9ecb8eX-Version: a9ecb8eX-SiteId: us-east-2Set-Cookie: dps_site_id=us-east-2; path=/; secureDate: Tue, 29 Oct 2024 11:06:57 GMTConnection: closeTransfer-Encoding: chunked
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7jsDJT9g.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7ksDJT9g.woff2)
Source: regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7osDJT9g.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7psDJT9g.woff2)
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7qsDJT9g.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7rsDJT9g.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qN67lqDY.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNK7lqDY.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNa7lqDY.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7lqDY.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qO67lqDY.woff2)
Source: regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qPK7lqDY.woff2)
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidg18Smxg.woff2)
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidh18Smxg.woff2)
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidi18Smxg.woff2)
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidj18Smxg.woff2)
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkido18Smxg.woff2)
Source: regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2
Source: regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E4A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427432119.0000000002EFE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xml
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427432119.0000000002EFE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xml1
Source: regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmlF
Source: regsvr32.exe, 00000003.00000002.2427314775.0000000002E4A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmlFindOIDInfo
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmlS
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427432119.0000000002EFE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmla
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmlc
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmls
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E4A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xml
Source: regsvr32.exe, 00000003.00000003.2414329382.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401673136.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmlD
Source: regsvr32.exe, 00000003.00000003.2414329382.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401673136.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmlP
Source: regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmlS
Source: regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmlc
Source: regsvr32.exe, 00000003.00000002.2427314775.0000000002E4A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmlertificates
Source: regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmls
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmly
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/S_1
Source: regsvr32.exe, 00000003.00000003.2401707553.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/V
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/cies
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/ot
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/s
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://manageintel.com/tificate
Source: audiosrv.dll String found in binary or memory: https://sectigo.com/CPS0
Source: audiosrv.dll String found in binary or memory: https://sectigo.com/CPS0D
Source: regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427017898.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427121426.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.godaddy.com/websites/website-builder?isc=pwugc&amp;utm_source=wsb&amp;utm_medium=applica
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown HTTPS traffic detected: 76.223.105.230:443 -> 192.168.2.5:49796 version: TLS 1.2
Source: unknown HTTPS traffic detected: 76.223.105.230:443 -> 192.168.2.5:49804 version: TLS 1.2
Source: unknown HTTPS traffic detected: 76.223.105.230:443 -> 192.168.2.5:49811 version: TLS 1.2

System Summary

Source: audiosrv.dll, type: SAMPLE Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: audiosrv.dll, type: SAMPLE Matched rule: Windows_Trojan_Matanbuchus_c7811ccc Author: unknown
Source: 00000003.00000002.2427764945.0000000010001000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 00000003.00000002.2427764945.0000000010001000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Trojan_Matanbuchus_c7811ccc Author: unknown
Source: audiosrv.dll Static PE information: invalid certificate
Source: audiosrv.dll Binary or memory string: OriginalFilenamesmphost.dllj% vs audiosrv.dll
Source: audiosrv.dll Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL
Source: audiosrv.dll, type: SAMPLE Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: audiosrv.dll, type: SAMPLE Matched rule: Windows_Trojan_Matanbuchus_c7811ccc reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 05f209a24d9eb2be7fa50444d8271b6f147027291f55a352ac3af5e9b3207010, id = c7811ccc-5d8d-4bc8-a630-ac3282bb207e, last_modified = 2022-04-12
Source: 00000003.00000002.2427764945.0000000010001000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 00000003.00000002.2427764945.0000000010001000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Trojan_Matanbuchus_c7811ccc reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 05f209a24d9eb2be7fa50444d8271b6f147027291f55a352ac3af5e9b3207010, id = c7811ccc-5d8d-4bc8-a630-ac3282bb207e, last_modified = 2022-04-12
Source: classification engine Classification label: mal64.troj.evad.winDLL@14/0@1/1
Source: C:\Windows\SysWOW64\regsvr32.exe Mutant created: \Sessions\1\BaseNamedObjects\user-PC
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6380:120:WilError_03
Source: audiosrv.dll Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\loaddll32.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\audiosrv.dll",#1
Source: unknown Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\audiosrv.dll"
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\audiosrv.dll",#1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /i /s C:\Users\user\Desktop\audiosrv.dll
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllInstall
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllRegisterServer
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllUnregisterServer
Source: C:\Windows\System32\loaddll32.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\loaddll32.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\loaddll32.exe Section loaded: wininet.dll
Source: C:\Windows\System32\loaddll32.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\loaddll32.exe Section loaded: wldp.dll
Source: C:\Windows\System32\loaddll32.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: schannel.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: mskeyprotect.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: ntasn1.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: ncryptsslp.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: audiosrv.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: audiosrv.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: audiosrv.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: audiosrv.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: audiosrv.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: audiosrv.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: audiosrv.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: audiosrv.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: audiosrv.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: audiosrv.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: audiosrv.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Source: Yara match File source: audiosrv.dll, type: SAMPLE
Source: audiosrv.dll Static PE information: real checksum: 0x28fca should be: 0x28f8a
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /i /s C:\Users\user\Desktop\audiosrv.dll
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 5464 Thread sleep time: -60000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 320 Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\loaddll32.exe Thread delayed: delay time: 120000
Source: regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E4A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Windows\SysWOW64\regsvr32.exe Process information queried: ProcessInformation

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\SysWOW64\regsvr32.exe Network Connect: 76.223.105.230 443
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\audiosrv.dll",#1