popup
procMemory | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Process Memory

Process memory dump for f7juhkryu4[1].exe (PID 3016, dump 1)

Yara signatures matches on process memory

Match: Network_DGA

  • Q1JZUFQzMi5ETEw= (CRYPT32.DLL)
  • Q1JZUFQzMi5kbGw= (CRYPT32.dll)
  • Q3J5cHRBY3F1aXJlQ29udGV4dA== (CryptAcquireContext)
  • Q3J5cHRDcmVhdGVIYXNo (CryptCreateHash)
  • Q3J5cHRIYXNoRGF0YQ== (CryptHashData)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • R2V0U3lzdGVtVGltZQ== (GetSystemTime)
  • R2V0U3lzdGVtVGltZUFzRmlsZVRpbWU= (GetSystemTimeAsFileTime)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • U3lzdGVtVGltZVRvRmlsZVRpbWU= (SystemTimeToFileTime)
  • V0lOSU5FVC5ETEw= (WININET.DLL)
  • V0lOSU5FVC5kbGw= (WININET.dll)
  • Y3J5cHQzMi5kbGw= (crypt32.dll)
  • YWR2YXBpMzIuZGxs (advapi32.dll)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Network_DNS

  • RE5TQVBJLmRsbA== (DNSAPI.dll)
  • RG5zUXVlcnk= (DnsQuery)
  • V1MyXzMyLkRMTA== (WS2_32.DLL)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQXN5bmNHZXRIb3N0QnlOYW1l (WSAAsyncGetHostByName)
  • Z2V0YWRkcmluZm8= (getaddrinfo)
  • Z2V0aG9zdGJ5bmFtZQ== (gethostbyname)
  • ZG5zYXBpLmRsbA== (dnsapi.dll)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Network_TCP_Socket

  • V1MyXzMyLkRMTA== (WS2_32.DLL)
  • V1MyXzMyLmRsbA== (WS2_32.dll)
  • V1NBQ29ubmVjdA== (WSAConnect)
  • V1NBQ2xlYW51cA== (WSACleanup)
  • V1NBU29ja2V0 (WSASocket)
  • V1NBU2VuZA== (WSASend)
  • V1NBU3RhcnR1cA== (WSAStartup)
  • Y29ubmVjdA== (connect)
  • Y2xvc2Vzb2NrZXQ= (closesocket)
  • c29ja2V0 (socket)
  • c2VuZA== (send)
  • d3MyXzMyLmRsbA== (ws2_32.dll)

Match: Create_Service

  • Q29udHJvbFNlcnZpY2U= (ControlService)
  • Q3JlYXRlU2VydmljZQ== (CreateService)
  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • U3RhcnRTZXJ2aWNl (StartService)
  • UXVlcnlTZXJ2aWNlU3RhdHVz (QueryServiceStatus)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: Sniff_Audio

  • V0lOTU0uZGxs (WINMM.dll)
  • d2F2ZUluQ2xvc2U= (waveInClose)
  • d2F2ZUluQWRkQnVmZmVy (waveInAddBuffer)
  • d2F2ZUluT3Blbg== (waveInOpen)
  • d2F2ZUluU3RhcnQ= (waveInStart)
  • d2F2ZUluUmVzZXQ= (waveInReset)
  • d2lubW0uZGxs (winmm.dll)

Match: Network_HTTP

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)
  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRPcGVuVXJs (InternetOpenUrl)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)
  • SW50ZXJuZXRXcml0ZUZpbGU= (InternetWriteFile)
  • V0lOSU5FVC5ETEw= (WININET.DLL)
  • V0lOSU5FVC5kbGw= (WININET.dll)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Escalate_priviledges

  • QURWQVBJMzIuRExM (ADVAPI32.DLL)
  • QURWQVBJMzIuZGxs (ADVAPI32.dll)
  • QWRqdXN0VG9rZW5Qcml2aWxlZ2Vz (AdjustTokenPrivileges)
  • YWR2YXBpMzIuZGxs (advapi32.dll)

Match: KeyLogger

  • R2V0QXN5bmNLZXlTdGF0ZQ== (GetAsyncKeyState)
  • R2V0S2V5U3RhdGU= (GetKeyState)
  • R2V0S2V5Ym9hcmRUeXBl (GetKeyboardType)
  • TWFwVmlydHVhbEtleQ== (MapVirtualKey)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Network_FTP

  • RnRwQ3JlYXRlRGlyZWN0b3J5 (FtpCreateDirectory)
  • RnRwR2V0Q3VycmVudERpcmVjdG9yeQ== (FtpGetCurrentDirectory)
  • RnRwR2V0RmlsZQ== (FtpGetFile)
  • RnRwR2V0RmlsZVNpemU= (FtpGetFileSize)
  • RnRwRGVsZXRlRmlsZQ== (FtpDeleteFile)
  • RnRwT3BlbkZpbGU= (FtpOpenFile)
  • RnRwU2V0Q3VycmVudERpcmVjdG9yeQ== (FtpSetCurrentDirectory)
  • RnRwUHV0RmlsZQ== (FtpPutFile)
  • RnRwUmVtb3ZlRGlyZWN0b3J5 (FtpRemoveDirectory)
  • RnRwUmVuYW1lRmlsZQ== (FtpRenameFile)
  • V0lOSU5FVC5ETEw= (WININET.DLL)
  • V0lOSU5FVC5kbGw= (WININET.dll)
  • d2luaW5ldC5kbGw= (wininet.dll)

Match: Win_Trojan_agentTesla_Zero

  • Q3JlYXRlVGhyZWFk (CreateThread)
  • R2V0RW52aXJvbm1lbnRWYXJpYWJsZQ== (GetEnvironmentVariable)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Hijack_Network

  • U09GVFdBUkVcQ2xhc3Nlc1xQUk9UT0NPTFNcSGFuZGxlcg== (SOFTWARE\Classes\PROTOCOLS\Handler)
  • ZHJpdmVyc1xldGNcaG9zdHM= (drivers\etc\hosts)

Match: Code_injection

  • Q3JlYXRlUmVtb3RlVGhyZWFk (CreateRemoteThread)
  • Q3JlYXRlVGhyZWFk (CreateThread)
  • T3BlblByb2Nlc3M= (OpenProcess)
  • TnRXcml0ZVZpcnR1YWxNZW1vcnk= (NtWriteVirtualMemory)
  • V3JpdGVQcm9jZXNzTWVtb3J5 (WriteProcessMemory)
  • VmlydHVhbEFsbG9jRXg= (VirtualAllocEx)

Match: Chrome_User_Data_Check_Zero

  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXA== (\Google\Chrome\User Data\)
  • XEdvb2dsZVxDaHJvbWVcVXNlciBEYXRhXERlZmF1bHRcQ29va2llcw== (\Google\Chrome\User Data\Default\Cookies)

Match: Str_Win32_Http_API

  • SHR0cE9wZW5SZXF1ZXN0 (HttpOpenRequest)
  • SHR0cFF1ZXJ5SW5mbw== (HttpQueryInfo)
  • SHR0cFNlbmRSZXF1ZXN0 (HttpSendRequest)

Match: Str_Win32_Internet_API

  • SW50ZXJuZXRDb25uZWN0 (InternetConnect)
  • SW50ZXJuZXRDbG9zZUhhbmRsZQ== (InternetCloseHandle)
  • SW50ZXJuZXRPcGVu (InternetOpen)
  • SW50ZXJuZXRSZWFkRmlsZQ== (InternetReadFile)

Match: infoStealer_browser_Zero

  • TG9jYWxcR29vZ2xlXENocm9tZVxVc2VyIERhdGE= (Local\Google\Chrome\User Data)

Match: local_credential_Steal

  • Q3JlZEVudW1lcmF0ZUE= (CredEnumerateA)
  • Q3JlZEVudW1lcmF0ZVc= (CredEnumerateW)
  • THNhRW51bWVyYXRlTG9nb25TZXNzaW9ucw== (LsaEnumerateLogonSessions)
  • U2FtSUNvbm5lY3Q= (SamIConnect)
  • U2FtUXVlcnlJbmZvcm1hdGlvblVzZQ== (SamQueryInformationUse)

Match: ScreenShot

  • Qml0Qmx0 (BitBlt)
  • R0RJMzIuZGxs (GDI32.dll)
  • R2V0REM= (GetDC)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • Z2RpMzIuZGxs (gdi32.dll)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Network_Downloader

  • VVJMRG93bmxvYWRUb0NhY2hlRmlsZQ== (URLDownloadToCacheFile)
  • VVJMRG93bmxvYWRUb0ZpbGU= (URLDownloadToFile)
  • VVJMT3BlblB1bGxTdHJlYW0= (URLOpenPullStream)
  • VVJMT3BlblN0cmVhbQ== (URLOpenStream)
  • VXJsbW9uLmRsbA== (Urlmon.dll)
  • dXJsbW9uLmRsbA== (urlmon.dll)

Match: Network_P2P_Win

  • UGVlckNvbGxhYkV4cG9ydENvbnRhY3Q= (PeerCollabExportContact)
  • UGVlckNvbGxhYkdldEFwcGxpY2F0aW9uUmVnaXN0cmF0aW9uSW5mbw== (PeerCollabGetApplicationRegistrationInfo)
  • UGVlckNvbGxhYkdldEV2ZW50RGF0YQ== (PeerCollabGetEventData)
  • UGVlckNvbGxhYkdldEVuZHBvaW50TmFtZQ== (PeerCollabGetEndpointName)
  • UGVlckNvbGxhYkdldEludml0YXRpb25SZXNwb25zZQ== (PeerCollabGetInvitationResponse)
  • UGVlckNvbGxhYkdldFByZXNlbmNlSW5mbw== (PeerCollabGetPresenceInfo)
  • UGVlckNvbGxhYkdldFNpZ25pbk9wdGlvbnM= (PeerCollabGetSigninOptions)
  • UGVlckNvbGxhYkludml0ZUNvbnRhY3Q= (PeerCollabInviteContact)
  • UGVlckNvbGxhYkludml0ZUVuZHBvaW50 (PeerCollabInviteEndpoint)
  • UGVlckNvbGxhYlBhcnNlQ29udGFjdA== (PeerCollabParseContact)
  • UGVlckNvbGxhYlF1ZXJ5Q29udGFjdERhdGE= (PeerCollabQueryContactData)
  • UGVlckNvbGxhYlJlZ2lzdGVyQXBwbGljYXRpb24= (PeerCollabRegisterApplication)
  • UGVlckNvbGxhYlJlZ2lzdGVyRXZlbnQ= (PeerCollabRegisterEvent)
  • UGVlckNvbGxhYlJlZnJlc2hFbmRwb2ludERhdGE= (PeerCollabRefreshEndpointData)
  • UGVlckNvbGxhYlNldE9iamVjdA== (PeerCollabSetObject)
  • UGVlckNvbGxhYlNldEVuZHBvaW50TmFtZQ== (PeerCollabSetEndpointName)
  • UGVlckNvbGxhYlNldFByZXNlbmNlSW5mbw== (PeerCollabSetPresenceInfo)
  • UGVlckNvbGxhYlNpZ25vdXQ= (PeerCollabSignout)
  • UGVlckNvbGxhYlVucmVnaXN0ZXJBcHBsaWNhdGlvbg== (PeerCollabUnregisterApplication)
  • UGVlckNvbGxhYlVwZGF0ZUNvbnRhY3Q= (PeerCollabUpdateContact)

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerCheck__RemoteAPI

  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: DebuggerException__ConsoleCtrl

  • R2VuZXJhdGVDb25zb2xlQ3RybEV2ZW50 (GenerateConsoleCtrlEvent)

Match: DebuggerException__SetConsoleCtrl

  • U2V0Q29uc29sZUN0cmxIYW5kbGVy (SetConsoleCtrlHandler)

Match: ThreadControl__Context

  • U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: Check_Dlls

  • ZGJnaGVscC5kbGw= (dbghelp.dll)
  • cHN0b3JlYy5kbGw= (pstorec.dll)

Match: anti_dbg

  • Q29udGludWVEZWJ1Z0V2ZW50 (ContinueDebugEvent)
  • Q2hlY2tSZW1vdGVEZWJ1Z2dlclByZXNlbnQ= (CheckRemoteDebuggerPresent)
  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)
  • T3V0cHV0RGVidWdTdHJpbmc= (OutputDebugString)
  • a2VybmVsMzIuZGxs (kernel32.dll)

Match: antisb_threatExpert

  • ZGJnaGVscC5kbGw= (dbghelp.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

  • Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
  • U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
  • VVNFUjMyLkRMTA== (USER32.DLL)
  • VVNFUjMyLmRsbA== (USER32.dll)
  • VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
  • dXNlcjMyLmRsbA== (user32.dll)

Match: Persistence

  • U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3MgTlRcQ3VycmVudFZlcnNpb25cV2lubG9nb24= (SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon)
  • U29mdHdhcmVcTWljcm9zb2Z0XEFjdGl2ZSBTZXR1cFxJbnN0YWxsZWQgQ29tcG9uZW50c1w= (Software\Microsoft\Active Setup\Installed Components\)
  • U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVu (Software\Microsoft\Windows\CurrentVersion\Run)
  • U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuT25jZQ== (Software\Microsoft\Windows\CurrentVersion\RunOnce)
  • d2luLmluaQ== (win.ini)

URLs found in process memory 
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jwTh.img?h=75
    http://ib.adnxs.com/async_usersync_file
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jyJT.img?h=194
    http://175.208.134.150:8282/test/test.eml
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jXod.img?h=75
    https://www.adobe.com/etc.clientlibs/beagle/fe/adobe-head.min.fp-49c976728c560175ef3915d2bbcaa219.js
    https://www.winzip.com/static/css/footer.css
    http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAII.crl0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jVxR.img?h=75
    https://www.adobe.com/etc.clientlibs/globalnav/clientlibs/base/feds.js
    http://ns.adobe.com/photoshop/1.0/
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB15WEhx.img?h=75
    https://check.torproject.org
    https://www.adobe.com/etc.fps.clientlibs/beagle/fe/resources/js/aceui-reimagine.min.fp-46d231648420acef91191168b1b30762.js
    http://ns.adobe.com/exif/1.0/
    https://www.winzip.com/static/css/leap-over-promo.css
    http://crl.chambersign.org/publicnotaryroot.crl0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jn2i.img?h=75
    https://www.adobe.com/etc.clientlibs/beagle/fe/liveperson.min.fp-0232b34deadc0421a8b6a57415f16562.css
    https://support.
    http://www.e-szigno.hu/SZSZ/0
    http://crl.ssc.lt/root-b/cacrl.crl0
    http://www.quovadis.bm0
    http://www.microsoft.com/money
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAbCGCU.img?h=16
    http://www.chambersign.org1
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16juv5.img?h=194
    https://www.gstatic.com/m/images/sy_stars_9.gif
    http://certificates.starfieldtech.com/repository/1604
    https://www.google.com/chrome/static/css/main.v2.min.css
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jug1.img?h=194
    https://www.microsoft.com/onerfstatics/marketingsites-eas-prod/korean/iegallery/_scrf/css/themes=default.device=uplevel_web_pc_midlevel/8b-a47527/81-97d559/21-7d6c87/81-e5bb90?ver=2.0
    https://www.winzip.com/static/images/learn/tutorials/zip.png
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAJz5h3.img?h=16
    http://www.xi-soft.com/downloads/NXSetup_x86.zip
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16ckHa.img?h=194
    http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt0
    https://www.google.com/chrome/static/images/benefits/module-4/connected_global_desktop.png
    http://www.microsoft.com/library/images/gifs/ticker/white.bmp
    https://www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff2)%20format(%22woff2%22)
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16eU9W.img?h=75
    http://crl.usertrust.com/UTN-USERFirst-NetworkApplications.crl0
    https://www.google.com/chrome/static/images/chrome_throbber_fast.gif
    https://www.netlock.net/docs
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB169raL.img?h=194
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jOrw.img?h=75
    https://www.winzip.com/static/javascript/lang.js
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jvkk.img?h=75
    https://www.facebook.com/chat/video/vide
    http://www.certplus.com/CRL/class3TS.crl0
    http://crl.xrampsecurity.com/XGCA.crl0
    https://www.winzip.com/static/css/wz_ie.css
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jrz1.img?h=194
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jzp4.img?h=75
    https://support.google.com/chrome/?p=plugin_flash
    https://support.microsoft.com/kb/3056819
    https://www.winzip.com/static/css/print.css
    http://www.e-me.lv/repository0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jD68.img?h=75
    https://ssl.google-analytics.com/ga.js
    https://www.winzip.com/static/css/colorbox.css
    http://www.msnbc.com/news/ticker.txt
    http://adobeenterprise.lookbookhq.com
    https://www.adobe.com/etc.clientlibs/beagle/fe/adobe.min.fp-9f089e57989ec2e6fb36add7a91cbd7b.css
    http://w/
    http://www.quovadisglobal.com/cps0
    https://www.winzip.com/static/images/learn/tutorials/unzip.png
    https://www.winzip.com/static/javascript/alt-price.js
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jDhv.img?h=75
    https://support.google.com/chrome/?p=plugin_divx
    https://www.winzip.com/favicon.ico
    http://support.apple.com/kb/HT203092
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16eaCs.img?h=75
    https://www.google.com/chrome/static/images/fallback/thank-you-animation.png
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16hwxK.img?h=75
    http://www.ancert.com/cps0
    https://www.googleadservices.com/pagead/conversion_async.js
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16hXUZ.img?h=194
    http://www.google.com/earth/explore/products/plugin.html
    https://www.google.com/js/gweb/analytics/autotrack.js
    http://www.trustcenter.de/guidelines0
    https://www.google.com/chrome/static/images/fallback/chrome-logo.png
    http://www.trustcenter.de/crl/v2/tc_class_2_ca_II.crl
    https://ocsp.quovadisoffshore.com0
    http://www.e-trust.be/CPS/QNcerts
    http://ns.adobe.com/tiff/1.0/
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16hheL.img?h=75
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16hG9a.img?h=75
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jB90.img?h=75
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBXLW0d.img?h=16
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jS7k.img?h=194
    https://www.microsoft.com/onerfstatics/marketingsites-eas-prod/_h/4c59fa2c/coreui.statics/externalscripts/jquery/jquery-1.11.1.min.js
    http://ocsp.infonotary.com/responder.cgi0V
    https://www.google.com/chrome/static/images/fallback/google-chrome-logo.jpg
    http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB15NptR.img?h=75
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jBq3.img?h=75
    http://support.microsoft.com/kb/9311250
    https://acdn.adnxs.com/dmp/async_usersync.html
    http://www.d-trust.net/crl/d-trust_qualified_root_ca_1_2007_pn.crl0
    http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0
    https://www.winzip.com/static/css/layout-new.css
    https://helpx.adobe.com/security/products/shockwave/apsb14-10.html
    http://ns.adobe.com/xap/1.0/
    https://www.winzip.com/static/css/dropdowntheme_common-new.css
    http://www.echoworx.com/ca/root2/cps.pdf0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB12Yeat.img?h=194
    https://www.google.com/chrome/static/images/app-store-download.png
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jrwL.img?h=75
    https://www.winzip.com/static/css/ipm/nag-1/ko.css
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jzdf.img?h=75
    https://www.winzip.com/static/css/dropdownbase-new.css
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16j80p.img?h=75
    http://users.ocsp.d-trust.net03
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16hDso.img?h=75
    https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxO.eot
    https://deff.nelreports.net/api/report?cat=msn
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16judt.img?h=194
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBXuIPr.img?h=16
    https://www.winzip.com/static/images/layout/icon-worldmap.png
    http://www.ssc.lt/cps03
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jKVl.img?h=75
    http://www.digsigtrust.com/DST_TRUST_CPS_v990701.html0
    http://www.microsoft.com/pki/certs/TrustListPCA.crt0
    http://www.pkioverheid.nl/policies/root-policy0
    http://www.entrust.net/CRL/Client1.crl0
    http://www.certplus.com/CRL/class3.crl0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16gc31.img?h=75
    http://www.sk.ee/cps/0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jWFh.img?h=75
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAm2UN1.img?h=16
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB12l5fq.img?h=75
    https://www.catcert.net/verarrel
    http://www.microsoft.com/schemas/ie8tldlistdescription/1.0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16ePZU.img?h=75
    https://supp
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jngY.img?h=75
    http://localizability/practices/XML.asp
    http://ca.sia.it/secsrv/repository/CRL.der0J
    http://app3
    https://www.winzip.com/static/css/ipm/nag/css3-mediaqueries.min.js
    http://fpdownload.macromedia.com/get/sh
    http://pki-root.ecertpki.cl/CertEnroll/E-CERT%20ROOT%20CA.crl0
    http://crl.ssc.lt/root-a/cacrl.crl0
    https://csp.withgoogle.com/csp/scfe
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16eXaM.img?h=194
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16ein9.img?h=75
    http://crl.usertrust.com/UTN-USERFirst-Object.crl0)
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jO0V.img?h=75
    https://support.google.com/chrome/?p=plugin_real
    http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAI.crl0
    http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBMSLJF.img?h=16
    https://www.google.com/chrome/static/images/fallback/benefits/benefits-icon-fast.jpg
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16etuG.img?h=75
    http://crl.chambersign.org/chambersroot.crl0
    http://adobe.lookbookhq.com
    https://www.google.com/chrome/static/images/benefits/module-2/translate_global_desktop.png
    http://acraiz.icpbrasil.gov.br/LCRacraiz.crl0
    https://www.google.com/chrome/static/images/fallback/icon-file-download.jpg
    https://helpx.adobe.com/security/products/reader/apsb14-28.html
    https://www.adobe.com/etc.fps.clientlibs/beagle/fe/resources/css/aceui-reimagine.min.fp-cade4981d4665389dc5192362802d649.css
    https://adobeenterprise.lookbookhq.com
    http://crl.usertrust.com/UTN-USERFirst-ClientAuthenticationandEmail.crl0
    https://lh3.googleusercontent.com/gv4UzxwBWVHxxyY26lRgv7WIeFfZZSSCGe5vUBZdm7ePRpUvmf_5Cs23ZTgETaA2kyU4=w18-h18
    https://sports.yahoo.com/dailyfantasy
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16cfO2.img?h=75
    https://www.winzip.com/static/images/colorbox/border2.png
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jMtS.img?h=75
    https://www.microsoft.com/mwf/js/MWF_20200416_22921869/alert/autosuggest/banner/contentplacement/contentplacementitem/glyph/heading/hyperlinkgroup/image/list/pagebehaviors/paragraph/select/selectmenu/skiptomain?apiVersion=1.0
    http://www.pki.gva.es/cps0
    http://service.real.com/realplayer/security/02062012_player/en/
    https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc8.eot
    http://www.passport.com
    http://www.corel.com
    https://www.winzip.com/static/images/products/winzip/boxshots/standard/right/winzip_std_generic_rt_nag_1.png
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jvLq.img?h=194
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16ju2o.img?h=75
    https://www.google.com/chrome/static/images/fallback/icon-twitter.jpg
    https://www.microsoft.com/onerfstatics/marketingsites-eas-prod/iegallery/_scrf/js/themes=default/2f-63ce8f/45-f9a0d4/27-3d06a3/aa-dc1460/2d-7a9063/dc-7e9864/4f-5115f8/7d-266f10/4a-abd94b/6d-c07ea1/45-6fa1b7/23-c64e70/cd-23d3b0/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/f8-73a5f2/79-499886/7e-cda2d3/b2-7087f0/ea-1a640b/91-97a04f/1f-100dea/33-abe4df/fe-a5cf09/e3-082b89?ver=2.0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jrc2.img?h=250
    http://repository.swisssign.com/0
    http://www.acabogacia.org0
    http://crl.ssc.lt/root-c/cacrl.crl0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16htgc.img?h=194
    https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlI3I.eot
    https://www.adobe.com/marketingtech/main.min.js
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jren.img?h=75
    https://www.google.com/chrome/static/images/fallback/icon-x.jpg
    https://www.google.com/chrome/static/images/fallback/icon-help.jpg
    http://fedir.comsign.co.il/crl/ComSignAdvancedSecurityCA.crl0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBXMqcz.img?h=16
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16joyz.img?h=75
    https://www.winzip.com/static/javascript/misc.js
    https://www.winzip.com/static/images/icon-yt.png
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jZDK.img?h=194
    https://www.winzip.com/cgi-bin/getfree.cgi
    https://ca.sia.it/secsrv/repository/CPS0
    http://forms.real.com/real/realone/download.html?type=rpsp_us
    https://www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff)%20format(%22woff%22)
    https://www.winzip.com/static/css/buttons.css
    https://www.google.com/chrome/static/images/devices.png
    https://www.googletagmanager.com/gtm.js?id=GTM-T3FM8Z
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16i2tC.img?h=194
    https://fonts.gstatic.com/s/productsans/v12/pxiDypQkot1TnFhsFMOfGShVF9eK.eot
    https://www.google.com/chrome/static/images/download-bg-mobile.svg
    https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
    https://fonts.gstatic.com/s/googlesans/v9/4UabrENHsxJlGDuGo1OIlLU94YtzCwI.eot
    https://www.gstatic.com/external_hosted/modernizr/modernizr.js
    https://www.google.com/chrome/static/images/fallback/google-logo-one-color.jpg
    http://www.registradores.org/scr/normativa/cp_f2.htm0
    http://crl.oces.certifikat.dk/oces.crl0
    http://ca.sia.it/seccli/repository/CRL.der0J
    https://www.adobe.com/etc.clientlibs/beagle/fe/thirdparty-new.min.fp-82c94a7b28ebafb87f108e6611d49a7c.css
    https://www.google.com/chrome/static/images/benefits/module-1/save_password_global_desktop.png
    https://www.winzip.com/static/javascript/wzformval.js
    https://www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.eot?
    http://www.usertrust.com1604
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jpqk.img?h=75
    http://repository.infonotary.com/cps/qcps.html0
    https://www.winzip.com/static/css/dropdown_common-new.css
    https://c.bing.com/c.gif?Red3=MSOATH_pd
    https://www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.svg)%20format(%22svg%22
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16ioyB.img?h=75
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jsQ9.img?h=194
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jxK2.img?h=75
    http://www.e-szigno.hu/RootCA.crl
    http://google.com/
    https://www.winzip.com/lang.json
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB13cKua.img?h=75
    https://www.adobe.com/etc.clientlibs/globalnav/clientlibs/base/polyfills.js
    http://crl.securetrust.com/STCA.crl0
    https://www.winzip.com/static/images/badges/cnet-editors-rating.png
    http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0=
    https://www.google.com/chrome/static/images/benefits/module-3/chrome_global_desktop.png
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jwn4.img?h=194
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jiCE.img?h=75
    https://www.winzip.com/static/javascript/jquery/jquerydropdown.js
    http://crl.comodo.net/AAACertificateServices.crl0
    http://ns.adobe.com/xap/1.0/mm/
    http://www.trustdst.com/certificates/policy/ACES-index.html0
    https://www.googletagmanager.com/gtm.js?id=GTM-KJJ3BWB
    https://www.adobe.com/etc.clientlibs/beagle/fe/customized.min.fp-5876809881d0e76ff804d3d7eb7811af.css
    http://cps.chambersign.org/cps/chambersroot.html0
    https://www.winzip.com/static/images/products/winzip/boxshots/standard/right/winzip_std_generic_rt_nag_5.png
    https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc8.eot
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jkR9.img?h=75
    https://www.google.com/chrome/static/images/fallback/benefits/benefits-icon-world.jpg
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16ju7Z.img?h=75
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16erBT.img?h=75
    https://www.google.com/chrome/static/images/fallback/benefits/benefits-icon-shield.jpg
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16joHN.img?h=194
    http://www.acabogacia.org/doc0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16hqtU.img?h=75
    https://www.winzip.com/static/images/layout/wz-logo.png
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB11qVJY.img?h=75
    https://support.google.c
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBiIVsY.img?h=16
    https://www.catcert.net/verarrel05
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16ju0l.img?h=75
    http://crl.securetrust.com/SGCA.crl0
    https://www.winzip.com/static/css/legacy.css
    http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAIII.crl0
    http://crl.globalsign.net/root-r2.crl0
    http://www.d-trust.net0
    https://www.winzip.com/static/css/ipm/nag/common_styles.css
    https://lh3.googleusercontent.com/-20NuyB0WC36P5OvH-HnVwgMQlIRx47n0At3ZLRZuU2UIuXpsDZVhrsFJMW5DQkQVQU=w18-h18
    https://static.adobelogin.com/imslib/imslib.min.js
    http://175.208.134.150:8282/favicon.ico
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jRsV.img?h=194
    http://www.d-trust.net/crl/d-trust_root_class_2_ca_2007.crl0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jYjB.img?h=75
    https://www.winzip.com/static/css/dropdowntheme-new.css
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jWLG.img?h=250
    https://www.winzip.com/static/images/ipm/nag/nag-1/cloud-bg.jpg
    http://www.signatur.rtr.at/de/directory/cps.html0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jf0V.img?h=75
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16hQip.img?h=75
    http://www.comsign.co.il/cps0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16joL3.img?h=75
    http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
    http://www.microsoft.com/pki/crl/products/TrustListPCA.crl
    https://www.winzip.com/static/images/icon-fb.png
    https://www.winzip.com/ko/whyuninst.cgi?lang=KO
    https://www.winzip.com/wzgate.cgi?url=www.winzip.com/buynowwzexit
    http://www.globaltrust.info0
    https://www.adobe.com/etc.fps.clientlibs/beagle/fe/resources/font/vjs.eot?
    https://ssl.gstatic.com/support/content/images/static/mspin_googcolor_medium.svg
    https://www.google.com/chrome/static/images/favicons/favicon.ico
    https://www.winzip.com/static/javascript/scripts.js
    https://www.winzip.com/static/images/ipm/nag/nag-1/cloud-bg_1.jpg
    https://secure.a-cert.at/cgi-bin/a-cert-advanced.cgi0
    https://www.winzip.com/static/css/prodpages-subnav.css
    http://crl.usertrust.com/UTN-USERFirst-Hardware.crl01
    https://support.google.com/chrome/?p=plugin_wmp
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16eWRD.img?h=75
    http://srand04rf.ru/f7juhkryu4.exe
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB15geuk.img?h=194
    https://support.google.com/chrome/answer/6258784
    http://www.firmaprofesional.com0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB130Cmm.img?h=194
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jEXK.img?h=75
    http://www.usertrust.com1
    http://www.e-certchile.cl/html/productos/download/CPSv1.7.pdf01
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16eRCn.img?h=75
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16joKW.img?h=194
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jCTt.img?h=194
    https://support.google.com/chrome/?p=plugin_shockwave
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBr3E4Y.img?h=16
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jYpD.img?h=194
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16gJwC.img?h=194
    https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0E
    https://www.google.com/chrome/static/images/fallback/app-store-download.jpg
    http://crl.pki.wellsfargo.com/wsprca.crl0
    https://www.microsoft.com/onerfstatics/marketingsites-eas-prod/iegallery/_scrf/js/themes=default/78-6f121b/94-3cd1e0?ver=2.0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jOrw.img?h=194
    https://www.adobe.com/etc.fps.clientlibs/beagle/fe/resources/font/aceui-fonts.eot?
    http://www.d-trust.net/crl/d-trust_root_class_3_ca_2007.crl0
    http://www.e-szigno.hu/RootCA.crt0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16gMJv.img?h=75
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16hyqI.img?h=75
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16hVBR.img?h=75
    http://purl.org/rss/1.0/
    http://qual.ocsp.d-trust.net0
    http://175.208.134.150:8282/test/doc1.zip
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jFQ9.img?h=75
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jwcc.img?h=75
    http://www.entrust.net/CRL/net1.crl0
    http://www.iec.ch
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB11LKQd.img?h=16
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB15NRgq.img?h=75
    https://support.google.com/chrome/?p=plugin_java
    https://support.google.com/chrome/answer/95346?co=GENIE.Platform%3DDesktop
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jcTX.img?h=75
    https://www.google.com/chrome/static/images/fallback/icon-youtube.jpg
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jv9N.img?h=75
    http://www.certplus.com/CRL/class1.crl0
    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Slim.exe
    https://i.ytimg.com/vi/AkvPssTXfC4/default.jpg?sqp=-oaymwEECHQQQQ
    https://www.winzip.com/static/images/learn/videos/vid-play.png
    https://www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.ttf)%20format(%22truetype%22)
    http://www.signatur.rtr.at/current.crl0
    https://fonts.googleapis.com/css?family=Google
    http://www.a-cert.at/certificate-policy.html0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16iBl1.img?h=75
    http://www.microsoft.com/library/images/gifs/ticker/f
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jyOM.img?h=194
    https://www.googleadservices.com/pagead/p3p.xml
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jZ4V.img?h=75
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jey4.img?h=194
    http://static-global-s-msn-com.akamaized.net/hp-eas/ko-kr/homepage/_sc/js/d7cb56b9-ae37cc2c/direction=ltr.locales=ko-kr.themes=start.dpi=resolution1x/dd-0c5a59-cb3e3d8f/59-8b3703-b2d9c4ac/4f-f5fbb9-ef289261/9e-a7a255-68ddb2ab/98-7b1b43-2f56670f/8f-c6dc67-eb194185/b8-a3b844-6e2785ec/81-5c84ed-243aa040/d7-f6ade1-9712214f/9e-639daf-68ddb2ab?ver=20200630_24829312
    http://www.microsoft.com/pki/certs/tspca.crt0
    http://www.rootca.or.kr/rca/cps.html0
    https://www.google.com/chrome/static/images/chrome-logo.svg
    https://www.google.com/chrome/static/js/fallback.v2.min.js
    https://helpx.adobe.cJ
    http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl
    http://www.sk.ee/juur/crl/0
    https://support.google.com/chrome/?p=plugin_pdf
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16hv1r.img?h=75
    https://www.winzip.com/static/images/products/winzip/boxshots/standard/right/winzip_std_generic_rt_nag_6.png
    http://crl.comodo.net/TrustedCertificateServices.crl0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAjOHXS.img?h=16
    https://www.corel.com/static/common/scripts/gtm/gtm-container.min.js
    https://www.googletagmanager.com/gtag/js?id=UA-229838-11
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16hv1s.img?h=75
    https://www.google.com/chrome/static/images/google-play-download.png
    https://support.google.com/favicon.ico
    https://www.microsoft.com/mwf/css/MWF_20200416_22921869/korean/default/alert/autosuggest/banner/contentplacement/contentplacementitem/glyph/heading/hyperlinkgroup/image/list/pagebehaviors/paragraph/select/selectmenu/skiptomain?apiVersion=1.0
    http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0
    http://activex.microsoft.com/controls/microsoft_only/ticker.cab
    https://www.google.com/chrome/static/images/fallback/benefits/benefits-icon-search.jpg
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jr9G.img?h=75
    https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jTKR.img?h=194
    http://static-global-s-msn-com.akamaized.net/hp-eas/ko-kr/homepage/_sc/css/d7cb56b9-5dd9a4a6/direction=ltr.locales=ko-kr.themes=start.dpi=resolution1x/98-3eef90-3f712263/e5-356483-6f7de4e4/7f-145015-ca68106c/8b-ebeae2-94ecea39/11-0b479e-81b44624/89-e36895-3cd6db55/26-fcb117-1a048ec9/d0-9a6dc0-afac0ec6/3d-fa3431-21430d26/38-613f66-cb05bc50/d8-fc891b-95644fe3/86-95044d-ada33dc3/35-6904d1-6b315f55/1a-5323d4-3f59757d/d9-276457-bdad6f80/40-182cfe-efb55eb7/41-4feddc-d6db3176/83-778940-491544f8/eb-c31c9a-6eea4185?ver=20200630_24829312
    https://get.adobe.com/reader/
    https://adobe.lookbookhq.com
    https://www.softwareok.com/Download/OnlyStopWatch_x64.zip
    https://www.winzip.com/static/images/learn/videos/mp3-compression-winzip-tb.png
    http://logo.verisign.com/vslogo.gif0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jWFh.img?h=194
    https://www.winzip.com/static/images/learn/tutorials/association-files-tb.png
    http://www.disig.sk/ca/crl/ca_disig.crl0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16j7ye.img?h=75
    https://support.google.com/chrome/?p=plugin_quicktime
    https://www.winzip.com/static/javascript/jquery.colorbox-min.js
    https://www.googletagmanager.com/gtm.js?id=GTM-PZ6TRJB
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16ioyB.img?h=194
    https://www.google.com/url?q=https://support.google.com/chrome/answer/95346%3Fco%3DGENIE.Platform%253DDesktop%26hl%3Dko
    http://crl.usertrust.com/UTN-DATACorpSGC.crl0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBih5H.img?m=6
    http://www.certicamara.com/certicamaraca.crl0
    http://www.post.trust.ie/reposit/cps.html0
    http://www2.public-trust.com/crl/ct/ctroot.crl0
    https://fonts.gstatic.com/s/googlesans/v9/4UaGrENHsxJlGDuGo1OIlL3Owpo.eot
    http://www.certicamara.com0
    https://www.google.com/chrome/static/js/installer.min.js
    http://www.dnie.es/dpc0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16joW8.img?h=75
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jNqP.img?h=75
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBSBMCW.img?h=16
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16eimW.img?h=75
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB14Blvu.img?h=194
    http://ns.adobe.com/xap/1.0/sType/ResourceRef
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16hE5M.img?h=75
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jrHO.img?h=75
    http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
    https://pr-bh.ybp.yahoo.com/sync/msn/1B86B6CEB4A46A79259EB833B5EF6B77
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16ci9F.img?h=75
    http://www.disig.sk/ca0f
    http://ocsp.pki.gva.es0
    https://www.winzip.com/static/images/icon-tw.png
    http://www.certicamara.com/dpc/0Z
    https://www.google.com/chrome/static/images/fallback/icon-fb.jpg
    https://www.winzip.com/static/javascript/jquery/jquery-migrate-1.4.1.min.js
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB14hhdd.img?h=194
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AA4nG1z.img?h=16
    http://purl.org/dc/elements/1.1/
    https://www.adobe.com/etc.clientlibs/beagle/fe/adobe.min.fp-5126a3a9012a80969defc0f9e08668e7.js
    http://www.wellsfargo.com/certpolicy0
    http://fedir.comsign.co.il/crl/ComSignCA.crl0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jhRm.img?h=75
    https://www.google.com/chrome/static/css/fallback.v2.min.css
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jEgR.img?h=194
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16iP0e.img?h=75
    https://www.netlock.hu/docs/
    http://www.a-cert.at0E
    https://www.winzip.com/static/images/colorbox/loading.gif
    http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0
    https://rca.e-szigno.hu/ocsp0-
    https://www.google.com/chrome/static/images/fallback/google-play-download.jpg
    https://ca.sia.it/seccli/repository/CPS0
    https://www.winzip.com/static/images/colorbox/border1.png
    http://localizability/practices/XMLConfiguration.asp
    https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxO.eot
    http://www.certifikat.dk/repository0
    http://cps.chambersign.org/cps/publicnotaryroot.html0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB15TBnE.img?h=75
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jzu4.img?h=250
    https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBZtbpZ.img?h=16
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jzoG.img?h=75
    https://fonts.googleapis.com/css?lang=ko
    http://ca.disig.sk/ca/crl/ca_disig.crl0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAK5kaw.img?h=194
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jPmp.img?h=75
    https://www.adobe.com/etc.fps.clientlibs/beagle/fe/resources/font/fontawesome-webfont.eot?
    http://cps.chambersign.org/cps/chambersignroot.html0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/AAyNdMB.img?h=16
    http://www.certplus.com/CRL/class2.crl0
    https://www.winzip.com/static/images/save-50_en.png
    https://www.winzip.com/static/css/mainnav.css
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jnb2.img?h=75
    https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Me5A.eot
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jwkn.img?h=194
    https://www.winzip.com/static/javascript/x-target.js
    http://crl.chambersign.org/chambersignroot.crl0
    http://www.certplus.com/CRL/class3P.crl0
    https://www.winzip.com/wzgate.cgi?lang=KO
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16joWn.img?h=75
    https://www.microsoft.com/onerfstatics/marketingsites-eas-prod/_h/9be151e5/coreui.statics/images/1x1clear.gif
    http://crl.comodoca.com/TrustedCertificateServices.crl0:
    https://www.adobe.com/content/dam/acom/en/error-pages/images/404-1440x612_edge2.jpg
    http://www.valicert.com/1
    https://www.winzip.com/static/images/products/winzip/boxshots/standard/right/winzip_std_generic_rt_shadow_fade_md.png
    http://crl.comodoca.com/AAACertificateServices.crl06
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BBbp1ZO.img?h=16
    http://www.crc.bg0
    https://www.winzip.com/static/css/dropdown-new.css
    http://crl.comodoca.com/COMODOCertificationAuthority.crl0
    http://static-global-s-msn-com.akamaized.net/img-resizer/tenant/amp/entityid/BB16jVw8.img?h=194
    https://www.googleadservices.com/pagead/conversion.js

Process memory dump for iexplore.exe (PID 5400, dump 1)

Extracted/injected images (may contain unpacked executables)
Download #1

Yara signatures matches on process memory

Match: DebuggerCheck__GlobalFlags

  • TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

  • UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerHiding__Thread

  • U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: SEH__vectored

  • QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
  • UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: anti_dbg

  • RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
  • S0VSTkVMMzIuZGxs (KERNEL32.dll)

Match: disable_dep

  • TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
  • U2V0UHJvY2Vzc0RFUFBvbGljeQ== (SetProcessDEPPolicy)
  • WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)