Analysis Report SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.2506

Overview

General Information

Sample Name: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.2506 (renamed file extension from 2506 to exe)
Analysis ID: 278846
MD5: afa4a70aedcc9949034fe421c79cd0fa
SHA1: 2dc99a9b2d3082cbdc631c55f4bf7655ab2f434e
SHA256: 0eef081dc6538ed471c696ab8e1192a542273fdd566952eac17b7af457763127

Detection

GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Creates autostart registry keys with suspicious values (likely registry only malware)
Hides threads from debuggers
Tries to detect Any.run
Tries to detect virtualization through RDTSC time measurements
Yara detected VB6 Downloader Generic
Abnormal high CPU Usage
Antivirus or Machine Learning detection for unpacked file
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found WSH timer for Javascript or VBS script (likely evasive script)
Found inlined nop instructions (likely shell or obfuscated code)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Startup

  • System is w10x64
  • SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe (PID: 564 cmdline: 'C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe' MD5: AFA4A70AEDCC9949034FE421C79CD0FA)
    • SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe (PID: 4860 cmdline: 'C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe' MD5: AFA4A70AEDCC9949034FE421C79CD0FA)
      • SPORENTI.exe (PID: 6896 cmdline: 'C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe' MD5: AFA4A70AEDCC9949034FE421C79CD0FA)
        • SPORENTI.exe (PID: 1124 cmdline: 'C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe' MD5: AFA4A70AEDCC9949034FE421C79CD0FA)
  • wscript.exe (PID: 6856 cmdline: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.vbs' MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • SPORENTI.exe (PID: 6884 cmdline: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe MD5: AFA4A70AEDCC9949034FE421C79CD0FA)
      • SPORENTI.exe (PID: 1912 cmdline: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe MD5: AFA4A70AEDCC9949034FE421C79CD0FA)
  • wscript.exe (PID: 6832 cmdline: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.vbs' MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • SPORENTI.exe (PID: 2936 cmdline: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe MD5: AFA4A70AEDCC9949034FE421C79CD0FA)
      • SPORENTI.exe (PID: 5108 cmdline: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe MD5: AFA4A70AEDCC9949034FE421C79CD0FA)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
Process Memory Space: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe PID: 4860 | JoeSecurity_VB6DownloaderGeneric | Yara detected VB6 Downloader Generic | Joe Security |
Process Memory Space: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe PID: 4860 | JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security |
Process Memory Space: SPORENTI.exe PID: 2936 | JoeSecurity_VB6DownloaderGeneric | Yara detected VB6 Downloader Generic | Joe Security |
Process Memory Space: SPORENTI.exe PID: 2936 | JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security |
Process Memory Space: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe PID: 564 | JoeSecurity_VB6DownloaderGeneric | Yara detected VB6 Downloader Generic | Joe Security |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe, Avira: detected
Antivirus detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe, Avira: detection malicious, Label: TR/Injector.khpip
Multi AV Scanner detection for domain / URL
Source: urquilam.com.ar, Virustotal: Detection: 6%
Source: http://urquilam.com.ar/moodle/enrol/ldap/bin/llETAdnA209.bin#, Virustotal: Detection: 13%
Source: http://urquilam.com.ar/moodle/enrol/ldap/bin/llETAdnA209.bin, Virustotal: Detection: 13%
Source: https://wtstransit.com.sg/wtstransit/lison/llETAdnA209.bin, Virustotal: Detection: 8%
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe, Virustotal: Detection: 76%
Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe, Metadefender: Detection: 42%
Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe, ReversingLabs: Detection: 77%
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe, Virustotal: Detection: 76%
Source: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe, Metadefender: Detection: 42%
Source: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe, ReversingLabs: Detection: 77%
Source: 21.0.SPORENTI.exe.400000.0.unpack, Avira: Label: TR/Injector.khpip
Source: 17.0.SPORENTI.exe.400000.0.unpack, Avira: Label: TR/Injector.khpip
Source: 8.0.SPORENTI.exe.400000.0.unpack, Avira: Label: TR/Injector.khpip
Source: 5.0.SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe.400000.0.unpack, Avira: Label: TR/Injector.khpip
Source: 10.0.SPORENTI.exe.400000.0.unpack, Avira: Label: TR/Injector.khpip
Source: 5.2.SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe.23d0000.1.unpack, Avira: Label: TR/Injector.khpip
Source: 0.0.SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe.400000.0.unpack, Avira: Label: TR/Injector.khpip
Source: 18.0.SPORENTI.exe.400000.0.unpack, Avira: Label: TR/Injector.khpip
Source: 14.0.SPORENTI.exe.400000.0.unpack, Avira: Label: TR/Injector.khpip
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe, Code function: 4x nop then push 00000000h, 0_2_020F0CBE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe, Code function: 4x nop then push 00000000h, 5_2_00560CBE
Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe, Code function: 4x nop then push 00000000h, 14_2_020A0CBE
Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe, Code function: 4x nop then push 00000000h, 17_2_00560CBE
Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe, Code function: 4x nop then push 00000000h, 18_2_00560CBE
Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe, Code function: 4x nop then push 00000000h, 21_2_00560CBE
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global traffic, HTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: urquilam.com.ar Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe Code function: 17_2_00562DE4 InternetReadFile,17_2_00562DE4
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /moodle/enrol/ldap/bin/llETAdnA209.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: urquilam.com.arCache-Control: no-cache
            Source: unknownDNS traffic detected: queries for: wtstransit.com.sg
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 27 Aug 2020 18:43:42 GMTServer: Apache/2.4.43 (cPanel) OpenSSL/1.1.1g mod_bwlimited/1.4 Phusion_Passenger/5.3.7Content-Length: 315Content-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://cacerts.digicert.com/CloudflareIncECCCA-3.crt0
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://crl3.digicert.com/CloudflareIncECCCA-3.crl07
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://crl3.digicert.com/CloudflareIncECCCAB
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://crl4.digicert.com/CloudflareIncECCCA-3.crl0L
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.digicert.com0
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.digicert.com0:
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.digicert.z
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://urquilam.com.ar/c
            Source: SPORENTI.exe, 00000011.00000002.442782488.0000000000560000.00000040.00000001.sdmp, SPORENTI.exe, 00000012.00000002.442499744.000000000019A000.00000004.00000001.sdmp, SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmp, SPORENTI.exe, 00000015.00000002.442516774.000000000019A000.00000004.00000001.sdmpString found in binary or memory: http://urquilam.com.ar/moodle/enrol/ldap/bin/llETAdnA209.bin
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://urquilam.com.ar/moodle/enrol/ldap/bin/llETAdnA209.bin#
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://urquilam.com.ar/moodle/enrol/ldap/bin/llETAdnA209.bin0
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://urquilam.com.ar/moodle/enrol/ldap/bin/llETAdnA209.bin1
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://urquilam.com.ar/moodle/enrol/ldap/bin/llETAdnA209.bin2
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://urquilam.com.ar/moodle/enrol/ldap/bin/llETAdnA209.bin3
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://urquilam.com.ar/moodle/enrol/ldap/bin/llETAdnA209.binF
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://urquilam.com.ar/moodle/enrol/ldap/bin/llETAdnA209.binN
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://urquilam.com.ar/moodle/enrol/ldap/bin/llETAdnA209.binS
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://urquilam.com.ar/moodle/enrol/ldap/bin/llETAdnA209.binX
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://urquilam.com.ar/moodle/enrol/ldap/bin/llETAdnA209.bind
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://urquilam.com.ar/moodle/enrol/ldap/bin/llETAdnA209.bine
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://urquilam.com.ar/moodle/enrol/ldap/bin/llETAdnA209.bing
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: http://urquilam.com.ar/moodle/enrol/ldap/bin/llETAdnA209.binw
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: https://wtstransit.com.sg/
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: https://wtstransit.com.sg/$
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: https://wtstransit.com.sg/A
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: https://wtstransit.com.sg/nsit.com.sg/
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: https://wtstransit.com.sg/nsit.com.sg/W
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: https://wtstransit.com.sg/nsit.com.sg/q
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: https://wtstransit.com.sg/nsit.com.sg/urquilam.com.ar
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: https://wtstransit.com.sg/nsit.com.sg/urquilam.com.ar5
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: https://wtstransit.com.sg/p
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: https://wtstransit.com.sg/ta
            Source: SPORENTI.exe, 00000011.00000002.442782488.0000000000560000.00000040.00000001.sdmp, SPORENTI.exe, 00000012.00000002.442745295.0000000000560000.00000040.00000001.sdmp, SPORENTI.exe, 00000015.00000002.442752556.0000000000560000.00000040.00000001.sdmpString found in binary or memory: https://wtstransit.com.sg/wtstransit/lison/llETAdnA209.bin
            Source: SPORENTI.exe, 00000011.00000002.442782488.0000000000560000.00000040.00000001.sdmp, SPORENTI.exe, 00000012.00000002.442745295.0000000000560000.00000040.00000001.sdmp, SPORENTI.exe, 00000015.00000002.442752556.0000000000560000.00000040.00000001.sdmpString found in binary or memory: https://wtstransit.com.sg/wtstransit/lison/llETAdnA209.binhttp://urquilam.com.ar/moodle/enrol/ldap/b
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: https://wtstransit.com.sg/wtstransit/lison/llETAdnA209.binn
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: https://wtstransit.com.sg/wtstransit/lison/llETAdnA209.binne
            Source: SPORENTI.exe, 00000011.00000002.446735801.0000000002440000.00000004.00000001.sdmp, SPORENTI.exe, 00000012.00000002.443477100.0000000002320000.00000004.00000001.sdmp, SPORENTI.exe, 00000015.00000002.443956233.00000000023E0000.00000004.00000001.sdmpString found in binary or memory: https://www.cloudflare.com/5xx-error-landing?utm_source=error_footer
            Source: SPORENTI.exe, 00000012.00000002.443299734.0000000000922000.00000004.00000020.sdmpString found in binary or memory: https://www.digicert.com/CPS0
            Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
            Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
            Source: SPORENTI.exe, 00000008.00000002.381804140.000000000067A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exeProcess Stats: CPU usage > 98%
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exeCode function: 0_2_020F2A0C NtProtectVirtualMemory,0_2_020F2A0C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exeCode function: 0_2_020F0F1F NtWriteVirtualMemory,0_2_020F0F1F
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exeCode function: 0_2_020F2DE4 NtUnmapViewOfSection,0_2_020F2DE4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exeCode function: 0_2_020F0F49 NtWriteVirtualMemory,0_2_020F0F49
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exeCode function: 0_2_020F1170 NtWriteVirtualMemory,0_2_020F1170
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exeCode function: 0_2_020F2DB1 NtUnmapViewOfSection,0_2_020F2DB1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exeCode function: 0_2_020F2DEB NtUnmapViewOfSection,0_2_020F2DEB
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exeCode function: 5_2_00562A0C NtProtectVirtualMemory,5_2_00562A0C
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exeCode function: 5_2_0056033B NtProtectVirtualMemory,5_2_0056033B
            Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exeCode function: 14_2_020A2A0C NtProtectVirtualMemory,14_2_020A2A0C
            Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exeCode function: 14_2_020A0F1F NtWriteVirtualMemory,14_2_020A0F1F
            Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exeCode function: 14_2_020A2DE4 NtResumeThread,14_2_020A2DE4
            Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exeCode function: 14_2_020A0F49 NtWriteVirtualMemory,14_2_020A0F49
            Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exeCode function: 14_2_020A1170 NtWriteVirtualMemory,14_2_020A1170
            Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exeCode function: 14_2_020A2DB1 NtResumeThread,14_2_020A2DB1
            Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exeCode function: 14_2_020A2DEB NtResumeThread,14_2_020A2DEB
            Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exeCode function: 17_2_00562A0C NtProtectVirtualMemory,17_2_00562A0C
            Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exeCode function: 17_2_0056033B NtProtectVirtualMemory,17_2_0056033B
            Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exeCode function: 18_2_00562A0C NtProtectVirtualMemory,18_2_00562A0C
            Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe Code function: 18_2_0056033B NtProtectVirtualMemory,18_2_0056033B
            Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe Code function: 21_2_00562A0C NtProtectVirtualMemory,21_2_00562A0C
            Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe Code function: 21_2_0056033B NtProtectVirtualMemory,21_2_0056033B
            Source: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: SPORENTI.exe.5.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe, 00000000.00000000.177647144.000000000041D000.00000002.00020000.sdmp Binary or memory string: OriginalFilenamePAAKRV.exe vs SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe
            Source: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe, 00000000.00000002.245496716.00000000020A0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameuser32j% vs SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe
            Source: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe, 00000005.00000002.262741815.00000000023ED000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamePAAKRV.exe vs SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe
            Source: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe, 00000005.00000002.262655669.0000000002340000.00000002.00000001.sdmp Binary or memory string: originalfilename vs SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe
            Source: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe, 00000005.00000002.262655669.0000000002340000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe
            Source: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe, 00000005.00000002.262498319.00000000022F0000.00000002.00000001.sdmp Binary or memory string: System.OriginalFileName vs SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe
            Source: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe Binary or memory string: OriginalFilenamePAAKRV.exe vs SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe
            Source: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: SPORENTI.exe.5.dr Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: classification engine Classification label: mal100.troj.evad.winEXE@17/2@6/2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe File created: C:\Users\user\AppData\Local\Temp\~DF8A8717A2DBE1DE37.TMP
            Source: unknown Process created: C:\Windows\System32\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.vbs'
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
            Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe File read: C:\Windows\System32\drivers\etc\hosts
            Source: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe Virustotal: Detection: 76%
            Source: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe Metadefender: Detection: 42%
            Source: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe ReversingLabs: Detection: 77%
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe
            Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe'
            Source: unknown Process created: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe 'C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe'
            Source: unknown Process created: C:\Windows\System32\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.vbs'
            Source: unknown Process created: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe
            Source: unknown Process created: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe 'C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe'
            Source: unknown Process created: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe'
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe Process created: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe 'C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe'
            Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe Process created: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe 'C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe'
            Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe
            Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe Process created: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
            Source: Window Recorder Window detected: More than 3 window changes detected

            Data Obfuscation:

            Yara detected GuLoader
            Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe PID: 4860, type: MEMORY
            Source: Yara match File source: Process Memory Space: SPORENTI.exe PID: 2936, type: MEMORY
            Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe PID: 564, type: MEMORY
            Source: Yara match File source: Process Memory Space: SPORENTI.exe PID: 5108, type: MEMORY
            Source: Yara match File source: Process Memory Space: SPORENTI.exe PID: 1912, type: MEMORY
            Source: Yara match File source: Process Memory Space: SPORENTI.exe PID: 1124, type: MEMORY
            Yara detected VB6 Downloader Generic
            Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe PID: 4860, type: MEMORY
            Source: Yara match File source: Process Memory Space: SPORENTI.exe PID: 2936, type: MEMORY
            Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe PID: 564, type: MEMORY
            Source: Yara match File source: Process Memory Space: SPORENTI.exe PID: 5108, type: MEMORY
            Source: Yara match File source: Process Memory Space: SPORENTI.exe PID: 1912, type: MEMORY
            Source: Yara match File source: Process Memory Space: SPORENTI.exe PID: 1124, type: MEMORY
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe Code function: 0_2_0040543B push edi; ret 0_2_00405404
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe Code function: 0_2_0040714C push esi; retf 0_2_0040714D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe Code function: 0_2_0040632A push edi; ret 0_2_00406330
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe Code function: 0_2_0040732A push 0000005Fh; retf 0_2_00407330
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe Code function: 0_2_004053DF push edi; ret 0_2_00405404
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe Code function: 0_2_0040738F push 0000005Fh; retf 0_2_00407330
            Source: initial sample Static PE information: section name: .text entropy: 7.40897140167
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe File created: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe

            Boot Survival:

            Creates autostart registry keys with suspicious values (likely registry only malware)
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce agerd C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.vbs
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce agerd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FSTAFA4A70AEDCC.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\EIRES\SPORENTI.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Tem