Windows Analysis Report
http://teleglsam.fit/

Overview

General Information

Sample URL:	http://teleglsam.fit/
Analysis ID:	1447725
Infos:

Detection

Telegram Phisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Yara detected Telegram Phisher

Creates files inside the system directory

Deletes files inside the Windows folder

Detected clear text password fields (password is not hidden)

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://teleglsam.fit/	Avira URL Cloud: detection malicious, Label: phishing
Source: http://teleglsam.fit/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: http://teleglsam.fit/assets/download/filename.js	Avira URL Cloud: Label: phishing
Source: http://teleglsam.fit/assets/layui-v2.6.8/layui/layui.js	Avira URL Cloud: Label: phishing
Source: http://teleglsam.fit/styles.e2974b719a0acf9b.css	Avira URL Cloud: Label: phishing
Source: http://teleglsam.fit/assets/images/logo.jpg	Avira URL Cloud: Label: phishing
Source: http://teleglsam.fit/assets/layui-v2.6.8/layui/css/modules/layer/default/layer.css?v=3.5.1	Avira URL Cloud: Label: phishing
Source: http://teleglsam.fit/assets/js/jquery-3.5.1.min.js	Avira URL Cloud: Label: phishing

Multi AV Scanner detection for submitted file

Source: http://teleglsam.fit/

Virustotal: Detection: 18%

Perma Link

Phishing

Yara detected Telegram Phisher

Source: Yara match

File source: 0.0.pages.csv, type: HTML

Detected clear text password fields (password is not hidden)

Source: http://teleglsam.fit/

HTTP Parser: <input type="text"... for password input

Source: http://teleglsam.fit/

HTTP Parser: No favicon

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49738 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49723 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.5:53407 -> 1.1.1.1:53

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49738 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/htmlContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:04:14 GMTAccept-Ranges: bytesETag: "bc2cc8da559eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:06 GMTContent-Length: 40160Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 1e ff ae 4f bf 3c 79 f3 fb bc 3c 4d e7 ed a2 3c 7a 8c 7f d3 32 5b 5e 7c f6 d1 0f e6 db 27 2f 3e a2 8f f2 6c 76 94 a4 f4 3c 5e e4 6d 96 4e e7 59 dd e4 ed 67 1f ad db f3 ed 83 8f f4 ab b6 68 cb fc e8 4d 5e e6 17 75 b6 48 bf 9b 4f 1e df 95 cf e4 7b 7e 75 55 57 ab bc 6e af 3f fb a8 ba 78 c4 df 7e 94 4e ab 65 9b 2f 09 9c ff ae 81 da 79 ab bd 2a da 36 af 6f ff ea 32 5b e4 9f 7d f4 36 bf be aa ea 59 73 c3 1b bf eb f6 76 f0 da 2c 6f a6 75 b1 6a 8b 6a e9 bd f9 9f ff e1 7f d5 7f f1 67 fc 4d ff f9 1f ff e7 fc e7 7f ff 5f fd 9f ff 49 7f c2 7f fe 27 fe 4d ff f9 df f9 b7 fc 67 7f d7 1f f3 5f fe 3d ff e0 ff f8 f7 fd 71 ff c5 3f f0 b7 fe d7 7f e6 5f 25 df fe 67 ff e0 5f fc 5f fd 35 7f f4 7f f9 f7 ff c9 1f a5 77 b5 0b 40 e7 df 52 6f 54 44 0b bf 2b fd fe 83 3a 64 18 77 8f d2 ed 6d ed 78 92 35 79 3a af f3 f3 cf 3e ba 6b c6 5b 16 cb b7 69 9d 97 9f 7d 54 50 67 1f a5 ed f5 8a 46 5d 2c b2 8b fc ee bb 6d f9 4c 5e 19 df 3d cf 2e f1 c1 98 fe e9 bf be aa 73 fa 6e 99 4f 5b f3 c2 bc 6d 57 cd a3 bb 77 cf 69 10 cd f8 a2 aa 2e ca 3c 5b 15 cd 78 5a 2d be c6 fb 4d 9b b5 c5 94 5f 4e a7 75 d5 34 55 5d 5c 14 cb cf 3e 32 b0 9a f6 ba cc 75 00 6d fe ae bd 3b 6d 9a 8f 8e 7e 4f bc be 7d 9e 4d f3 5f ac bf 2d 8a f2 fa d1 c7 cf b3 b6 fa f8 90 3f e2 17 1f 2d ab 7a 91 95 f2 c9 55 5e 5c cc db 47 bb 3b 3b f2 f7 ac 68 56 65 76 fd a8 b9 ca 56 87 4d 3d 7d b4 ae cb ad 41 fc ee 36 77 4b 82 7e f7 72 6f ff ee eb 4f d7 07 57 fb 4f be f8 ea cd cb 6f cf ef ed 1c 7f 55 6c ff a2 17 c5 ef 7d f1 20 ff 6a 67 7c 55 9d 9f ef dd 49 cf d1 73 bb f5 31 ff f9 f1 9d c3 f5 92 28 3c cb b7 6b 12 c1 fc d1 57 9f ec 10 1e db 3b 7b c7 cf 46 29 fd 71 6f 67 5f 7f 1e c8 cf bd 87 f8 b9 7b 4a 8d 76 4f 1f 72 a3 dd d3 67 7b f4 c7 33 fe 63 6f 67 6f 47 7e 1e ef 6c d3 3f 4f f4 8f a7 f4 c7 89 7c b3 bb 7b 8f 7f 9e 7c 4a 2d 4e 1e f0 6b c7 0f f6 76 b6 8f 1f 3c 7b 76 f8 4b fe 5f 46 c3 df fb 44 69 f8 13 b7 a6 20 3d db 3b 3b 42 8f 9d dd 7b bb f2 f3 fe de 36 fd c3 43 df d9 7b f2 84 68 fc e4 44 fe 38 f9 54 7e 3e 3d d6 9f f2 f9 00 ed f7 00 7e 6f e7 53 06 bf b7 f3 80 1b 11 85 f9 a5 bd dd bd 3d f9 f9 90 bb a5 9f dc e3 1e 7d a1 3f ef e3 e7 33 9d ae 67 cf 9e 3d fd 30 92 df fb 46 48 fe d0 92 fc c1 57 af 5f 5f 65 2f 3f ff 89 7b bf e8 fe 6c e7 c5 83 ab 5b 93 9d 26 9f 88 fa ff 4d c6 fd 59 a1 62 61 a8 78 6b 12 d2 f3 f3 87 73 f7 bf 11 9a 5f 1b 9a ff f4 bb e3 ab df bb f8 6e fb ec e4 fc 27 1e 1c df 9a e4 ff 5f e6 da 6f 9c 82 fb 4a c1 e9
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:04:18 GMTAccept-Ranges: bytesETag: "0251edd559eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:08 GMTContent-Length: 5088Data Raw: 1f 8b 08 00 00 00 00 00 04 00 d4 5c 4d 6f ec 38 76 dd f7 af a8 60 30 78 af 07 2e 3f b3 5c 9f 1e 24 e8 20 c0 00 03 74 90 45 67 99 0d 25 51 25 3e 4b a2 1e 25 d9 ae 0e e6 bf 87 94 ea e3 90 55 75 e4 01 7a 93 5e f4 83 a5 73 29 7e 1c 5e 5e 5e 1e d6 b7 bf fc cb 4f b3 bf cc 66 7f 33 75 37 fb f7 77 d5 9a 4a cd 96 8f 8b c7 a7 59 72 98 fd 92 c9 37 b5 97 75 76 98 cd 67 45 d7 35 2f df be e5 0e 29 47 e0 a3 36 ee f9 2f f0 64 28 eb 57 9d aa ba 55 f7 4c be 95 c7 f7 5f fd 47 5f 66 bf fd fd d7 d9 7f fd ed d7 99 78 14 0f b3 ff f8 ed b7 97 d9 7f fe fd bf 4f 85 fc ec 4a fc f6 d3 f0 89 79 2e 53 35 fb df 9f 66 b3 e3 5f 95 2e 0f 2f b3 2f be 94 63 cd bf fc d5 bd 6d 6d fa 32 eb 6d f9 f5 cb e3 e3 f0 e9 16 2b 30 7f 57 89 ff f3 51 99 ee cb cf ff 2c de 7d da 56 b2 fb fa 45 55 89 ca 32 95 cd 4d a3 ea ee d0 a8 2f 3f 3f b8 b2 66 9f 28 e8 dd e4 39 94 34 fe f9 59 e3 ae 43 db ce f6 ea 9f fb 78 fb b6 07 fb e1 af bf 9e 7a f4 5d e9 7d e1 06 a4 f6 6f cb f3 e3 b6 3b 94 ea f2 f4 1f 3f fd f4 98 cb 61 1c 32 dd 36 a5 74 63 a0 eb 52 d7 6a 9e 94 26 7d 3d d9 9d 2c a2 7f c4 b2 f9 f8 26 66 30 68 97 0f e9 df 95 2f ab 50 56 77 fe 69 a7 3e ba b9 55 75 e6 1e d4 fb 97 99 ec 3b e3 9f fb d6 bc 6a 47 81 c1 aa 32 a6 2b c6 f7 75 a7 65 a9 65 ab b2 01 56 99 df e7 a6 fd b8 c2 ed ad 3c b4 a9 2c d5 a9 35 f3 72 7f 21 d6 58 0d f1 f8 7c fc 4f 55 be b0 a1 81 c5 b1 87 9e 1e 37 ab f1 f1 9b b2 9d 76 45 cd dd 77 f7 f5 cb 6c 2e 56 7f 3e 97 ba f8 88 4b 5d 78 ab e3 db e7 ab b7 cf f0 76 79 f5 76 09 6f 57 57 6f 57 f0 36 7f 1f de be eb ac 2b 7c 4b 16 db d5 46 2c 17 bb b1 ca 43 af 1e ab eb e6 58 a7 ec d9 b0 2f 07 c3 46 66 99 eb a8 79 a9 72 df 58 6f 54 49 bb d7 f5 f1 c9 e2 d1 95 36 94 79 ea 9b f6 48 93 b9 67 a3 1f f9 5a 61 a1 ff e6 20 63 c9 a6 d5 9d 36 ee cb 56 95 b2 d3 6f 30 04 31 42 26 ad 29 fb 6e e0 c7 f8 dd 79 fc e1 63 0b e3 c7 9d 69 fc 18 45 0f ef 37 bb d4 c0 81 e3 a7 c4 e3 d8 69 db 35 74 6c 62 ac e3 22 f6 91 ff 8e 1b 54 ff ff d5 f0 8f 38 12 63 84 be cc 5c 1b 74 e6 9e 3f 6d dd eb 3f 29 a5 2e 2f e7 56 66 ba 6f 87 aa 9e 3e d2 f4 65 39 b7 9e 65 e3 00 97 46 ba da 0c 0f 00 e0 eb 88 ef fd df a7 4a 46 88 e3 c0 d9 13 71 81 63 f1 c7 82 31 0e 90 f3 b6 d1 f5 80 39 4d 3d 59 6b e7 41 86 71 3a bd 5e b4 6e ee e6 ba d6 9d 1a 66 8b b4 be a9 9f 04 ba ef fc 72 2a fb 55 1d 72 2b 2b d5 ce 2e 5f 76 25 3d fd 79 a8 c1 a5 0e 9d 95 75 eb 5d 99 eb 20 d3 c9 4e 7d 7d ca d4 7e f0 67 6e b8 ef bf fc 87 2f 4d 3c 7d a2 bc e7 d5 8e 95 08 af ff 31 b4 e0 ff 6d cd fd 18 8f af e6 bb a7 91 59 ba ec 3c 7f 1b 6b f6 3a 7b c9 3e dc 30 ee d5 b9 a4 c7 4a a7 d6 b4 26 ef 1e 13 d9 ea 74 78 fb 75 28 c2 8d f5 bf 8a 9f d1 4f 5f 7f 7f 77 6e d2 bc 6a e9 fb fb ef c2 6a 8b ed 1f 51 ef c5 44 bd dd 57 78 c5 01 40 5e 86 55 5f 6c fe 88 aa 3f 4f 54 dd 7d 85 57 1d 00 e4 e5 69 89 29 75 33
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:05:07 GMTAccept-Ranges: bytesETag: "80f352fa559eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:08 GMTContent-Length: 40582Data Raw: 1f 8b 08 00 00 00 00 00 04 00 d4 bd 69 77 db 46 d2 28 fc 3d bf 02 cc f8 19 00 16 45 4b f6 64 ee 0d bd e8 38 b2 93 78 26 ce 62 39 93 64 28 26 07 22 9b 12 62 0a 60 00 50 4b 2c cd 6f 7f bb aa 7a 5f 40 ca c9 33 e7 be 3c c7 16 09 f4 de d5 d5 b5 d7 83 fb 83 e4 d7 ef d6 ac b9 4e 2e 1e 8d 3e 19 ed 27 37 49 36 cb 93 7f 1c 25 9f d7 eb 6a 5e 74 65 5d 25 45 35 4f ea ee 8c 35 c9 ac ae ba a6 3c 59 77 75 d3 f2 a2 bf fe 06 55 47 75 73 fa 60 59 ce 58 d5 b2 e4 fe 83 8f 06 d9 62 5d cd b0 66 c6 86 49 97 27 ef 3f 4a 92 74 cd df b6 bc f6 ac 4b 1f c3 ef fa e4 57 c6 bf 27 4f 9f 26 dd f5 8a d5 8b e4 bc 9e af 97 2c f9 eb 5f e3 2f 47 ec 6a 55 37 5d cb 1b 48 92 83 24 b3 9f 26 4f 13 36 9a d7 b3 f5 39 ab 3a 2c 42 c5 3a 18 c7 60 2f 57 8f c6 89 31 44 1a 9f fe 94 8b 24 1b e8 76 72 eb 65 92 74 67 4d 7d 99 54 ec 32 79 d9 34 75 93 a5 62 01 1b f6 db ba 6c 58 9b 14 c9 65 59 cd 79 99 cb b2 3b e3 bf 64 43 69 fe d8 6a aa 61 dd ba a9 60 70 d6 8b 5b ea 70 2c 5e dc e6 59 ca 77 82 2d ca 8a cd d3 64 a0 16 44 74 72 20 bf f0 0a 67 65 3b 34 66 76 38 4c 58 78 f1 2f 8a 26 e9 f8 6a 4d a6 43 ec ac e1 df bf c1 25 1f 9d b2 ee db a6 ee 6a e8 e5 9b 05 bd 86 85 ed 46 2d ec 31 3d 38 c5 07 8b 65 21 57 f9 20 be a0 72 9a 58 7c 34 2b 96 4b 6b c2 b7 1f 6d dc 12 d5 02 07 bf 19 6f a3 58 ad 96 d7 19 1f 7b 62 35 44 43 5b e3 d0 56 eb f6 8c 7e 97 f8 9b 2f 11 bb 92 d3 a9 f8 a3 f7 a2 78 cd bf 57 a3 ae 3e e2 8b 53 9d d2 b3 0b 7c 76 56 b4 df 5c 56 7c 2d 56 ac e9 ae e9 4d c1 df 5c 38 a5 97 fc 59 41 f3 a2 25 cc e9 f9 b5 d1 cb 39 ff 1e 9c 9e 98 5a 2a 5f 9a 10 4f 27 a1 5a 9f 9f b0 c6 dc 78 36 aa ea 39 7b cb 7f d0 e4 45 1f 57 1b fa a8 d6 cb 25 b4 82 cd 32 de 0f 1c 16 82 1d ab 9d 97 bc 9d 43 05 fd f4 6c 06 73 c1 fe c7 fc 1c 0d 93 b6 99 d1 97 8a ef 08 93 5f 5f e3 61 84 5f c9 2d 34 a9 46 73 82 78 80 17 91 83 02 f8 6b 86 62 7c a5 fc 02 7b 91 c1 e6 54 c9 cd 4d f2 32 1f cd 1a 56 74 ec e5 92 c1 48 b2 b4 9d 35 e5 4a 1d 23 38 a6 59 56 8f 3a 76 05 a0 cc 72 40 35 f2 b0 2e ea 26 c9 9a a4 ac 92 99 3e bf 19 c2 c2 a4 99 42 f3 19 82 fa f3 8e f0 19 2e 8a fd 24 6b f2 3c e7 8f 0d 40 ac 47 ad 55 60 98 94 62 30 1c 5c 58 31 07 c8 64 d5 fc f0 ac 5c ce b3 3a 1f ad 8a 86 0f fc 6b be 5b a3 86 9d d7 17 4c be 81 4a b7 e6 0a 5d ea 0d 33 b7 0b f6 48 9d 30 96 ec 24 69 aa 8e 4b 00 47 32 98 58 18 96 54 2b d5 a4 96 87 10 d7 41 36 a3 da 95 35 e4 18 61 af 16 7c e1 52 bc 20 52 da ac 23 1b d8 14 96 37 27 c0 31 e4 d1 68 51 f1 b3 57 76 54 44 c0 99 05 1b 2b 3d 73 89 95 06 03 02 fd 25 ab 4e bb b3 14 76 91 80 76 44 4f 24 bc 00 a8 5c 2a 64 22 ba cd c4 cb c1 39 34 ac b6 6f 70 65 fd cc d2 a2 69 8a eb 14 8f 01 80 9b da e5 3d 7c d4 99 8f 32 75 08 f5 82 76 30 a0 bd e4 09 7d e9 92 dd 64 1f c7 29 20 50 ed 70 06 4b c0 c7 79 34 5a 49 ac 9a 3c c5 22 72 b9 e8 12 e5 e
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:04:18 GMTAccept-Ranges: bytesETag: "0251edd559eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:08 GMTContent-Length: 26177Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ec bd 7b 8f 23 b9 91 20 fe ff 7c 0a ad 07 8d ea f6 94 d4 ca 94 52 8f 1a f4 60 6d 63 17 b7 c0 8c ff f0 dc 02 07 cc cd 01 29 65 aa 24 b7 5e 97 52 75 a9 67 31 bf cf fe e3 9b 41 32 f8 c8 2c a9 ba cf de f5 da ad ca 64 3c 18 0c 06 19 41 66 c4 fb 3f fe cb 37 bd 3f f6 fe 7c 38 9c 4f e7 a6 3c f6 3e 8d 07 c5 60 d8 7b bb 3e 9f 8f a7 87 f7 ef 1f eb f3 42 be 1c 2c 0f bb f7 ef 68 fb bf 1c 8e 9f 9b cd e3 fa dc cb 87 59 d6 cf 87 f9 b0 f7 3f d7 35 c0 f3 a7 a7 f3 fa d0 9c bc 8d 9f 37 e7 73 dd dc f7 fe 63 bf 1c d0 46 3f 6e 96 f5 fe 54 57 bd a7 7d 55 37 bd 9f fe e3 7f 02 1e 36 e7 f5 d3 82 51 3f 3f 2f 4e ef 15 43 ef 17 db c3 e2 fd ae 3c 11 54 ef 7f fc 8f bf fc db 5f 7f fe 37 ca df fb 6f be 79 68 48 a3 de 7f 7d d3 eb f5 fb 8b ed 53 fd d0 fb 76 38 9c 2e 56 ab ef d9 a3 cd be da 3c 1e c8 c3 c9 24 1b ae 72 fe f0 f8 d4 1c b7 b4 e5 64 35 ce 97 99 78 b8 d9 7f 24 8f ea d9 a8 9e 2d f9 a3 a6 ae c8 93 6a 39 2a c6 05 7f 72 68 ca fd 23 85 5c 55 d3 3a 1b f3 87 9f eb ed f6 f0 4c 1f ae 96 d9 70 ca 1f 3e 36 75 bd 27 cf f2 59 39 95 d0 e7 ba dc d2 47 c3 e5 7c 2e 9a 2d 3f 97 b4 55 36 2d f3 c5 8c 3f 7a 5e 6f ce 8c 84 ec c3 63 53 7e a6 cc 2e a7 c5 b4 d2 8f fa 55 d9 50 8e 47 e3 51 39 1e 8a 4e 34 9b 5d d9 7c b6 84 70 aa 97 87 7d c5 9f 43 2c a7 a7 e5 b2 3e 9d 2c 2e 37 fb d5 c1 66 a9 6c f6 9b fd a3 d5 c5 8a ca a2 b1 24 b4 a5 0a 40 1b ce 56 f3 55 29 1b 3a 8c 2e 9a ba fc 78 3c 6c f6 e7 fe 85 30 e0 3e 3d ed 1e 7a c5 74 72 bc 38 6f 76 64 50 a6 93 19 f2 66 4b 38 9c cf 73 e4 cd 85 c8 3d cb 87 43 f9 6a 75 20 0f 57 e5 6e b3 fd dc 3f 95 fb 13 11 51 b3 59 3d f4 fa e5 91 68 46 ff f4 99 68 da ee be b7 d8 12 a5 d8 95 4b fe 37 05 ba ef dd fd 5c 3f 1e ea de 7f fe c7 dd 3d 41 d5 eb 35 87 c5 e1 7c 20 cf ff 47 bd fd 54 9f 37 cb b2 f7 d7 fa a9 be bb ef 95 cd a6 dc 92 17 7f 25 ef 7b 3f 13 2a e4 99 26 c6 a1 ef fe 44 09 92 a9 b3 3d 34 bd 7f db 1d fe be b9 03 24 90 27 3f 7f de 2d 0e db 3b 89 16 02 ba 5d db 1d f6 87 d3 b1 5c 12 75 3a ad e8 1f 44 a5 1f 9f b6 25 99 8f bb 7a bf 25 5c 93 87 e5 92 fc 4b 14 e4 74 d8 96 27 c1 d5 8f 9b 45 dd 94 e7 cd 61 df fb 89 80 51 72 7f 39 3c 35 1b 32 63 ff 5a 3f df 31 38 8e f9 fb 6f 7e ff e6 9b 3f de 7f f3 f0 50 ae e8 44 27 3f 16 f5 ea d0 d4 6c 4e 2e 0e 97 fe 69 f3 1b d3 9d c5 a1 21 33 be 4f 1e 31 98 f5 79 b7 65 6d 00 c3 0f 40 3e b4 37 44 fc 75 7f 5d 73 95 ca 06 19 d7 b1 e7 7a f1 71 73 26 b3 e9 72 a6 c8 eb 7e 59 fd fd e9 44 5b 0c 87 6f 8c 16 e5 b1 bf 26 c0 4c 27 fb 4b 2a aa 87 1e b1 27 7b c2 79 53 ef cf 8c 8f b2 21 63 b6 ad ef bf 29 4f 9b 8a fc b3 da 3c 2e cb 23 ed 3a fb fd d4 d0 67 c4 c6 d0 be ad eb b2 62 ff 3e 36 87 a7 e3 fd 37 bb 72 43 5a ed cb 4f f7 df 90 39 c6 c4 45 7b 54 6d 4e c7 2d 9d b3 c4 6c 2d 3f 32 2a 8b 43 f5 99 bd 23 d3 f3 71 b3 17 1a 6f 74 dd d2 b
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:04:16 GMTAccept-Ranges: bytesETag: "8cd74fdc559eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:08 GMTContent-Length: 16138Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 3e 5a 37 79 da b4 75 31 6d 3f 3a dc 6a f2 f2 7c 7c 95 4f 56 d9 f4 ed c9 7c bd 7c 9b cd 2e 7f ff 55 55 b7 d9 ef bf 2e 3e db f8 ed cf fc cc f7 be 7f 67 bc 5a 37 f3 ad ef 7d 6f 7f ef e1 f7 47 bf f8 fe bd 47 5b 4f f3 d1 2c 1f bd c9 ef 7c 76 f4 8b a7 d5 b2 69 d3 55 fe d9 47 eb e5 2c 3f 2f 96 f9 ec a3 df f5 b3 f6 7a 95 57 e7 e9 45 59 4d b2 f2 cd bc 68 7e e1 2f 74 bf 8f 8e e3 ad af 8a e5 ac ba fa 85 bf 50 7e 8e be 1d 6f 05 84 7f e1 2f 8c 7d f3 dd aa 7e 9b d7 9f 73 3f af a7 d5 2a ff 85 bf 10 8d d3 82 30 cc 96 d3 0d 4d 46 27 f9 67 ab fc 67 7e 26 06 55 f0 36 f8 ff cc cf 1c 53 bb 6f e7 a3 45 fe d9 f9 7a 39 6d 8b 6a b9 f5 bb 8d c6 e3 f1 32 bf f3 8b 8b f3 ad 45 3e 6e eb 6c d9 94 59 4b 1f 08 75 be f3 99 ff 29 35 a7 b6 87 bf db 67 df f9 de ce f7 e9 57 fa b9 fb fd 5f 52 e6 6d fa fa b3 8a be c5 a7 bf db b8 ce ae e8 97 3b 87 e7 55 bd 85 ef be f3 d9 ee e1 77 1e ff 6e e3 32 5f 5e b4 f3 c3 ef 7c f2 c9 9d d7 9f 7c b6 cc bf f7 9d ed dd ef 7f c2 ef 7d c7 bc f7 1d 7a af ce db 75 bd 4c 5f ff 92 43 83 66 8a 46 d4 df 9d 5f 2c df 7d f4 e8 a3 cf 3e 23 08 e3 e9 3c ab 8f db ad 9d 3b bf c7 ef 36 6e d6 93 86 18 67 79 b1 65 5e d3 77 0c 1e af 3f db 1d 01 97 d7 0e 97 d7 9f 7c 32 02 3e 34 fa 8f 7e df df 57 80 02 07 fa ec 30 2f 89 15 f1 05 77 f6 bb 7d ef f5 f7 ef 48 ef e9 eb c3 76 5e 57 57 e9 32 bf 4a 4f eb 9a c0 ff 01 5f 2d db bc 5e 14 4b 22 d2 2c fd dd ca 6a 9a 95 c5 0f f2 74 91 b7 d9 2c 6b b3 74 42 1f bd a5 e9 4c 3f fa dd 7e f1 32 ff 25 1f 8d ff 80 3b bf 44 d0 fb 64 f7 ce a3 df ed 97 9c e4 63 fb 16 91 9c 38 74 eb fe c1 bd 3b bf 64 44 ff 3e da 02 b7 fe ae 76 54 34 24 99 9c e5 67 f9 78 95 d7 34 be 05 98 c4 91 ab d8 7a 7e e7 17 2f 7f e1 2f 5c 8e 17 59 fd d6 fc a4 0f 7f 89 6d 52 6f 3d 1f ad 4c a3 3c 6b d6 35 31 94 fd 95 bf fc 25 c5 d6 47 3f 55 2d f3 8f ee 1c 4a 7f 53 ea ef f7 ff fd f1 d1 ef df 5c 2f 26 55 f9 fb af 6a e2 b9 77 c4 7d bf ff ef ff 03 ef e3 df ff 23 87 cb 9a ba d5 69 4b a7 9f 3c ff 25 02 ea fc b3 df 75 87 a8 9a 7f 6f bd f5 11 e1 3f cd 9f ae 57 65 31 25 f2 01 fc c9 3c 9f be fd e8 ce f7 0f 89 fc f9 18 9f 30 83 9e 53 47 06 ae e3 72 69 40 88 99 ce ef 74 67 87 47 91 66 65 9d 67 b3 eb b4 ac b2 59 3e 1b d3 a8 14 2b 01 c0 6c fc fb 7f b6 c5 c4 9e 96 59 d3 a4 cf 85 ce f5 7a da 12 94 76 54 dd f9 c5 2d 29 81 f1 ef bf ca ea 7c d9 7e d6 8e e4 cf 65 46 22 55 fd 1e d5 18 bf 10 8e eb 25 7e 99 11 e3 3c ae ab aa 3d fa 48 db ad 6a 12 db ba 2d f2 e6 b3 ea 17 fe c
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:04:18 GMTAccept-Ranges: bytesETag: "43d6cdd559eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:08 GMTContent-Length: 191Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 b6 ce d7 cb 69 5b 54 cb 74 eb 4e fa 8b 93 34 bd 2a 96 b3 ea ea 7b 1f 9f 17 65 be cc 16 f9 c7 df 4f 3f 4b 3f fe af fe fe bf ee bf f8 e3 ff 92 ff ec ef fa 53 ff cb bf e7 1f fc c1 38 7f 97 7f 7c 98 fc 92 3b 5b 77 0e 93 ff 07 93 76 f2 e0 41 00 00 00 Data Ascii: `I%&/m{JJt`$@iG#)eVe]f@{{;N'?\fdlJ!?~\|?"i[TtN4{eO?K?S8\|;[wvA
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:04:16 GMTAccept-Ranges: bytesETag: "f67065dc559eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:08 GMTContent-Length: 772Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 b6 b6 ee 7c 76 f4 8b 3f 5a 37 79 da b4 75 31 6d 3f 3a bc cc ea 34 1f 15 9f fd e2 5f 32 fa fd e9 9f c3 f3 f5 72 da 16 d5 32 5d 6e e5 77 7e 31 be ad 3e fb fd bf 97 7f ff b0 38 df ba ac 8a 59 ba f3 bb 7e f6 59 75 a7 ce db 75 bd 4c ab 71 fe 6e 55 d5 6d c3 70 6a 6e f9 d9 2f d6 cf 1e fd e2 5f f2 4b 0e b5 61 41 5f 8c a7 59 59 6e d5 e6 95 51 3d 72 bf 2f ef b8 3f 7e c9 72 bc f8 ac 18 e5 9f 7d ef fb a3 e5 f8 cb cf b6 2a 6a ba 1e 95 c0 9d b0 f8 5d 6b c1 ab f9 6c f7 ee ce e1 79 55 6f 65 9f ed 1c 66 8f f3 71 99 2f 2f da f9 61 f6 c9 27 77 7e 31 3e a7 56 df e3 37 bf ff 59 fe bd ec fb a3 e9 67 bf eb ce e8 9c 1a 9f 3f ae 4d e3 73 6a bc f5 bb ee fe c2 f2 67 7e a6 39 fa ac bc f3 0b 7f e1 97 93 9f ce a7 ed f8 6d 7e dd 6c 51 f7 77 c6 f9 65 5e 5f 6f cd 3f 3b a2 bf be 37 ff fe 56 fd bd f3 ef df b9 f3 7b d4 e3 66 55 16 d3 7c eb 7c 7b 7b b4 7b e7 d1 16 81 df 1d 95 8f 9b 5f f8 0b b7 1a 82 74 07 24 9b de f9 c5 b9 69 97 71 3b a6 54 fb d9 7a 8b 7e 33 f4 6c e9 95 ea b3 f6 ce 2f f9 25 4a ae ea 97 94 9f 11 46 84 a9 0c 23 cd 3e 73 c3 3b da f9 85 bf 90 c6 b3 bd fb fd ef ed 7d ff a8 3c 24 b8 77 e8 6f 1e 24 7d 78 48 3f be ff 99 0e fc 97 10 05 ab cf b6 f2 51 45 d4 d3 91 ad ea aa ad da eb 55 3e 9e 67 cd 97 57 cb 97 75 b5 ca eb f6 5a e6 07 4d 47 c2 28 e8 38 ff ec 17 7f fa e9 a7 8f 76 7e c9 21 8d 7e fc d3 9f ad 3f 3b da f9 ec 33 ea 6a fd 7d 1e 09 01 a7 7e 4c eb f3 51 3b fa 5e 36 6a 46 d3 ef 7f 56 8e 2e 89 d4 44 83 6c dc 54 8b 7c 6b 46 6f d2 58 f3 ef cd 88 7a 3c 3f e7 69 b1 4c 9b 3b 84 e1 56 33 3a 27 d2 13 bd 17 df 3b ff fe 67 0d fd a3 e4 03 d4 d5 67 d3 ad e5 9d 5f 82 57 d6 bf f0 17 ae b7 4a 22 dd e3 cc d0 e3 92 66 10 20 f2 51 fb 59 f6 bd cb ef 13 9c fc 7b ed f7 e5 df ef ed 7c 7f eb ce 88 28 42 5f 7c 9f d0 51 fa d2 58 b6 56 77 7e c9 a8 fe ac c9 cb f3 f1 55 3e 59 65 d3 b7 27 f3 f5 f2 6d 36 bb fc fd c1 86 d9 ef bf 2e 36 7f fb 33 3f f3 bd ef 1f d6 63 42 eb 34 9b ce b7 aa f1 a4 58 ce b6 96 eb b2 1c ed dc 01 3f af d6 cd fc 33 ff 63 f9 48 3e a8 ef dc f9 25 77 b6 f8 ff 87 ff 0f ce dd db ee 98 03 00 00 Data Ascii: `I%&/m{JJt`$@iG#)eVe]f@{{;N'?\fdlJ!?~\|?"\|v?Z7yu1m?:4_2r2]nw~1>8Y~YuuLqnUmpjn/_KaA_YYnQ=r/?~r}j]klyUoefq//a'w~1>V7Yg?Msjg~9m~lQwe^_o
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:05:16 GMTAccept-Ranges: bytesETag: "03eb0ff559eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:08 GMTContent-Length: 120092Data Raw: 1f 8b 08 00 00 00 00 00 04 00 d4 bd 79 77 db 46 b2 28 fe 7f 3e 05 e4 e4 5d 80 91 48 91 b2 e5 45 b2 ad e3 d8 ce 8d ef 2f 76 72 63 cf f6 28 25 07 22 9b 12 62 0a e0 00 a0 6c 8d ed ef fe eb aa ea a5 7a 01 48 3b b9 ef cd d3 9c 89 09 a0 f7 ae ae ae bd f6 bf dd 49 5e be 78 93 fc 58 cc 44 d9 88 79 f2 ed 7e b2 93 2d d6 e5 ac 2d aa 32 c9 da 41 f2 e1 ab 24 49 d7 8d 48 9a b6 2e 66 6d 7a 2c 9f af f3 3a 11 c9 a3 a4 1d cd ab d9 fa 4a 94 ed 9e 7c 9b 24 a5 7c f7 21 b9 aa e6 eb a5 68 8e 92 0f 9f f6 64 ad bc 5d ab df 6d 71 25 aa 75 7b 94 4c c6 7b 89 b8 96 d5 e0 7d f2 89 2a d7 b2 b2 ed 99 3a 86 bf f6 b2 68 46 d7 f2 63 7a 30 ba 3b ba 8f 03 48 74 a5 0a 47 f1 e3 93 7f fc e5 c5 6f ff f9 e3 4f df 3d f9 31 f9 f8 11 3a c3 af b9 fc 9a c5 da 84 09 b4 f2 a3 18 cd d6 75 2d 07 f2 7a 56 17 ab 56 7d 4d 92 13 ff cb a8 a9 67 e6 eb 51 bc 51 fa 5b 54 75 92 61 fb 7b b8 1e 62 d4 60 0b cd 1e ce b0 1c 2d 45 79 d1 5e 26 c3 64 b2 87 c3 af 8f e5 3f 8f 93 b1 fc 67 38 1c 38 6d 25 49 b1 48 b2 b4 28 5b 51 e7 b2 bf 6b 91 26 8f 1e c9 46 a6 d5 d9 a8 16 f9 fc e6 b5 5c 5e e1 0f 01 57 2d 51 c5 e4 c0 8f 83 af e7 b2 f2 5b ff f5 27 e7 b9 16 ed ba 2e 65 3b 72 3d cb 69 1d 34 f4 69 90 0d f4 b3 2a 9b 95 a3 79 01 93 ac f0 5f 59 51 ae db fa 1c 00 a7 bc c8 e4 9e b7 a3 65 de b4 2f ca b9 78 ff d3 22 4b f7 d3 41 b2 9b 4c 06 aa 1d 68 91 f6 ad 70 40 41 c8 85 b4 53 cc 60 51 4b 68 3c 5d 56 17 a9 aa 81 53 1e cd aa b2 a9 96 22 f9 8f ff 48 d4 cf 69 79 e6 3e 65 e9 32 bf 59 17 89 a8 6b b9 51 97 05 c0 60 2a 47 21 06 0e 5c ad 01 de d6 72 a0 8b a2 14 f3 34 d9 91 60 76 b3 12 d5 22 a9 56 72 2f a0 cd 74 5a 9d ff 2e 66 6d f2 13 bc 39 a3 9d c1 af a3 b6 7a 4d 73 56 a3 5b 02 1c 96 a3 f3 75 b1 6c 0b 3c 24 6a d0 72 2c b2 7b f9 df 74 cf be 11 35 bd 13 35 7f 3b 97 1b 4d ef e1 17 ff b2 ca 2f d4 17 f8 c5 bf b4 ab 25 7d 90 3f 9c 1e e6 45 ab fa 90 bf cc 17 09 ba 57 f2 35 fc 63 de ad 57 cb 2a 9f cb b7 f4 c3 bc 9f d7 d5 6a 5e bd 2b e5 17 fd d3 7c 6b eb bc 6c 16 38 0d fd 93 7d 13 02 df 0b 3b d2 36 3f 5f e2 4b f8 d7 bc 15 4b 71 85 28 22 55 bf cc 97 9a 96 a2 e6 eb 30 ab 96 55 bd 2a 66 6f b1 5b f6 64 4a 34 cb 62 8e 1f e9 87 ad 99 d7 95 c4 6f b0 52 fa a7 5d 91 65 f5 0e 56 44 fe 63 57 a4 2d a0 2c fc c3 7a 9f 0b ec 76 6e 47 f4 fb 3f d7 a2 86 ed a5 1f e6 7d be 84 ea f2 bf e6 0d 81 e4 08 5e 1d f1 07 75 2a 00 30 b3 7a b4 aa ab b6 02 20 1c cd f2 d9 25 a0 df 52 81 97 f3 91 40 d6 39 40 12 13 09 17 f7 c1 21 05 bc 6a 0f 0f 60 a2 54 57 01 58 d6 f0 de da 32 79 07 86 e6 18 b5 ab 57 75 78 71 72 d3 f6 0c 10 e3 60 0f 0e 05 5d 10 f4 6a 67 3c 70 50 0c 7f d0 38 c6 69 2f 3a 62 38 ff 1e 6a 13 0c 61 d7 12 ed 46 31 26 7d d9 0b 3e 00 ce 91 6b be 5c 9e e7 b3 b7 12 13 f6 ac 02 ef b1 1d 84 78 57 6f a7 fb c6 ed 12 f6 85 bd 60 e5 3f 79 f8 b6 02 34 94 65 78 13 c3 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:05:17 GMTAccept-Ranges: bytesETag: "45ac30569eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:09 GMTContent-Length: 678Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 e6 ed a2 4c 7f bc cc ae d7 c5 b4 69 b6 9b b7 c5 72 5a cd 72 fa 3d fd c5 49 9a ce 8a 66 45 5f 3e 4a 97 d5 32 3f a4 0f 56 55 53 b4 45 b5 7c 94 66 93 a6 2a d7 2d 7f 7a 55 cc da f9 a3 74 f7 e1 c1 c3 d5 bb c3 e4 97 24 c9 98 de 5a 17 db 80 b5 3d bf 37 0a fe be 2c f2 2b 86 ee 80 d5 79 99 b5 c5 25 03 3b af 96 ed 76 53 fc 20 27 80 7b 11 70 f6 75 8b dc a4 ac a6 6f f1 ea 22 ab 2f 0a 02 b7 bb b3 7a 97 ee e0 93 55 36 9b 15 cb 8b 47 f2 d7 a4 aa 67 79 4d df d3 d7 84 7d 31 4b 7f 3c cf b9 53 f9 66 bb cc cf db 6d 1d cd a7 e8 9b be c9 a6 6f 2f ea 6a bd 9c 51 f7 65 45 6f ff f8 79 86 ff f0 a5 f9 e4 de bd 7b f8 93 51 3f cf 16 45 49 58 9d 54 eb ba c8 eb f4 45 7e d5 1b c3 fc 1e 8f c0 61 97 02 65 80 98 e7 c5 c5 bc 7d 94 ee eb df 65 b1 a4 e6 9d 0f 15 db 49 d5 b6 d5 a2 3f 9c 7e 67 99 74 67 e9 ed 4f 5e 2d b0 0d 02 6d b5 22 7c f0 9b 19 dc c3 87 0f 7b 30 79 12 fc 0f aa b2 d3 85 3f a5 d5 65 5e 9f 97 d5 15 75 bc 6e ab 5b 01 2b 8b 0d f0 64 9e 79 b6 88 28 f7 05 f1 80 52 7b 3a 9a 08 85 95 78 f2 b2 4f ba 3d fc 87 16 65 d1 10 07 b6 d7 65 be dd 5e af 88 0f 49 20 8a 45 56 d2 3b 19 a0 6d ff 20 af 69 14 69 fa ad a1 96 f8 32 c6 38 e7 e7 b7 1c fc a3 f3 a2 26 d0 d3 79 51 ce 84 10 32 90 6d 9e 1e 19 ca ed 00 95 59 14 8e e5 9d 41 50 ab 3a e7 37 84 d8 44 c1 5e b3 65 d5 e6 04 8f 5b 09 55 09 9e 23 e8 ce 14 ff 31 29 f8 4b 22 1f 49 97 a1 c5 bd 73 fc c7 df f6 09 85 17 e5 55 f3 c9 74 6f 92 3f a4 c9 1f 40 c1 ff 8c f8 dd 61 64 07 2a 1a ec 16 af 33 d9 04 42 1f 31 e0 ac 58 0b 78 8c 69 00 f8 2c 5f 54 3e 64 86 79 59 34 c5 a4 28 8b 96 34 04 ff 5e e6 e9 ef 5a 2c 56 55 dd 66 cb 16 80 0d bd b7 77 95 b1 b5 27 9e 79 e9 c8 7e a6 b2 db f9 74 e3 90 7d ac da 6c 42 1f 2e db 7c d9 32 72 44 0a 30 07 cd e2 60 d7 bf 24 f9 7f 00 d9 88 60 4e 33 06 00 00 Data Ascii: `I%&/m{JJt`$@iG#)eVe]f@{{;N'?\fdlJ!?~\|?"LirZr=IfE_>J2?VUSE\|f-zUt$Z=7,+y%;vS '{puo"/zU6GgyM}1K<Sfmo/jQeEoy{Q?EIXTE~ae}eI?~gtgO^-m"\|{0y?e^un[+dy(R{:xO=ee^I EV;m ii28&yQ2mYAP:7D^e[U#1)K"IsUto?@ad*3B1Xxi,_T>dyY4(4^Z,VUfw'y~t}lB.
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:05:18 GMTAccept-Ranges: bytesETag: "526b211569eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:09 GMTContent-Length: 4173Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 c6 65 76 bd 2e b6 e9 df bc de 2e 16 17 93 ac 1e 25 dd 0f db a2 4d b3 ce c7 6d 36 49 c3 0f 8a b6 cc d3 66 95 2d bb 2d f9 8b 5f 9c a4 69 9b bf 6b b7 ab cb bc 3e 2f ab ab 47 69 5e 96 c5 aa 29 9a 43 fa ea 6a 5e b4 f9 36 bd 3d cd 1f a5 cb ea aa ce 56 87 c9 2f 49 92 79 bb 28 d3 1f 27 40 eb 62 da 34 02 91 61 cd 8a 66 45 7f a1 f1 32 07 84 55 d5 14 6d 51 2d 1f a5 d9 a4 a9 ca 75 cb 9f 5e 15 b3 76 fe 28 dd 7d 78 f0 70 f5 8e 21 fa b8 75 30 6d e6 d9 4c 30 75 c0 ce 8b 77 f9 0c 90 7e 7f f7 99 df c1 aa 2a 96 2d bd 9b 5f e6 cb b6 a1 ef d6 6d d5 eb c7 83 dc 56 ab 47 e9 0e de 2c f3 f3 56 7f 35 58 ee ec fc ee f8 73 9e 17 17 73 fa ce fc fd fb 9b 0f f2 77 ab 3a 6f 1a 42 62 6b 56 4d d7 0b ea 72 3c a9 66 d7 e3 ea fc bc c9 5b 69 96 7e 92 7e bc 7a f7 f1 9d 1e 16 dc ff f6 55 3e 79 5b b8 69 d8 6e a6 75 45 13 b1 bc 78 44 b8 ad a7 73 74 c8 48 ee de df 01 c9 02 44 17 59 7d 51 10 05 f8 8f 55 36 9b f1 7b fc d7 24 9b be bd a8 ab f5 72 b6 3d ad ca aa 7e 94 fe f8 f9 f9 39 be 31 5d fa 2d 68 e6 1f a5 d3 8a 48 b7 6c d1 66 52 d5 33 a2 53 9d cd 8a 35 51 71 4f 7a 9e 54 ef 98 74 e0 96 dd d5 3b fe 3f b0 4a 6b 62 d4 ad 9d 51 aa ff 1b df eb 8f 96 fa a8 1a a1 79 6c e6 7a ad 05 97 4e fb 3a 2f b3 b6 b8 8c b4 17 84 b9 b9 fc 2a 18 12 f8 62 96 fe f8 64 0f ff c9 10 ba 5f 76 71 df 25 dc d1 2e 32 54 fa 7f b7 f5 1e b5 ee e2 52 56 d9 4c 30 b1 14 7e 94 ae eb 72 0b 5f d0 0c 6d ef 8e 2f 8a f3 3b e9 94 06 48 38 eb 8f 65 b5 5d e7 ab 3c 6b d3 1f cf f3 c8 08 8b 69 15 05 4a 9f 2f c7 ab e5 c5 1d 07 a1 ff f2 a4 5d a6 5d 95 31 2b b2 b2 ba 08 b5 06 01 eb b4 22 3e be 2a e8 65 ee db 4a 79 b1 24 16 cd b7 27 65 35 7d 0b 72 7d ab f3 0d 7f f6 83 aa 5a 10 f5 f0 3b 71 77 5b 4c b3 72 3b 2b 8b 0b 9a 48 e2 e8 3e 92 0b 12 82 b0 9b be 32 b1 f2 ff 2d f7 99 e3 a2 40 38 a8 0f fd ed 06 79 9e ae eb 06 02 82 fe f1 77 45 6a af 68 a9 7b 7e f9 bc 28 69 7a a8 97 72 35 cf b6 f4 bb cf 76 68 de fd b9 20 86 0d 84 ec 07 db c5 72 96 bf 23 d1 d9 dd 7f b0 7f 70 ef d3 fd 07 fd 01 93 f2 28 7e 20 43 8e 8f c6 20 4e 9c 87 3f 2d e2 fa 77 2d 7f 32 9a 93 aa 6d 41 6e fe c3 8c a8 c9 b5 0f db 37 f5 9a 2d 8b 05 f7 69 14 01 3e 20 b1 aa 96 db 34 d6 92 a6 61 46 4a 9f e0 b1 ee d9 f8 65 1f c2 6c 5d f3 2f 84 c8 f8 1e 9b 92 e1 ef 08 a5 df d3 40 78 9b 5f 9f d7 d9 22 6f 52 41 72 42 44 9d e6 67 4b 42 94 60 ec fc ee f4 33 a5 47 c9 4f 10 00 da 21 d0 d6 d9 b2 39 af 6a 22 40 43 6c 96 6f ed 8c ef f3 0c 11 1b 0c 7d 45 dd a7 cc 03 5d d8 cc b1 1b 60 8b 86 88
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:05:17 GMTAccept-Ranges: bytesETag: "d64cd90569eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:09 GMTContent-Length: 2345Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 c6 65 76 3d cb da 7c bb c9 db ed eb c5 28 c1 07 eb 62 9b fe c5 c7 dd bf d3 6f 75 3f d9 2e 8b a6 4d 7f 71 92 a6 93 ea dd 76 53 fc a0 58 5e 3c a2 df eb 59 5e 6f d3 47 87 c9 2f 49 92 79 bb 28 d3 1f a7 37 d6 c5 b4 69 cc ab fc d6 ac 68 56 f4 f7 a3 74 59 2d f3 43 fa 60 55 35 45 5b 54 cb 47 69 36 69 aa 72 dd f2 a7 57 c5 ac 9d 3f 4a 77 1f 1e 3c 5c 09 cc 10 8d f4 5b 0c 6d 91 d5 17 05 bd ba 83 77 56 d9 6c c6 d8 d0 5f fd 17 d0 3c de d7 0f b6 8b e5 2c 7f f7 28 fd 54 1f 7c 68 20 df 5f bd 03 3c 0c 97 87 58 67 b3 62 dd 3c 4a f7 80 56 9a 9e 57 cb 16 54 c8 09 d7 7d f9 68 fb 2a 9f bc 2d da ed 6c 59 2c 32 f4 b6 3d 5b d7 fc 0b 61 36 de 6b d0 66 d3 77 fd f7 cf 8b b2 dc 5e 54 33 ea 64 52 b5 73 34 ba e5 97 cb 6c 41 9f 2b 09 b6 67 d5 d5 72 52 b4 11 ea 6c 2f b2 62 c9 24 52 c2 ef 3d e0 01 f6 1b 4e 69 c0 f9 b2 4d db 59 8f 33 e6 79 46 14 1a 62 99 b2 60 f8 6d 9d 2d 65 12 82 a1 df 0b 86 be a1 11 61 f4 7b be cd af cf 6b 1a 59 d3 1d 19 f5 40 50 76 7e 77 fa 99 d2 53 ad b2 69 d1 12 af d1 ab 00 af bd 9f 57 f5 e2 91 fc 5a d2 cb f7 66 5b 3b a3 74 9b 26 7a 94 ee dc 41 3b ea 23 4d 77 77 fa 70 76 f1 ed 26 28 f8 9f 82 20 20 1d 32 34 2d 8d 64 ca 30 1d 23 d6 39 bd 5d 5c 86 8c c8 0c 67 25 a5 58 96 c5 32 df 9e 94 d5 f4 2d be 30 ac c9 ad 0c c9 ec 9c 3b c9 ea 7d a4 28 31 32 d7 8b ed 66 5e 5d a5 f6 83 65 fe ae dd 56 85 c0 1f f4 5a ac ea fc 72 7b c1 f8 5b dc 00 38 fd 5d 8b c5 aa aa db 6c e9 58 8b 5f e8 41 e0 3e ae 6f ec e3 3a ec c3 1f ff 60 5f 6d b1 20 0a 07 b0 44 c5 a5 cd 2a 5b 7e 8f 3e db 6e af 57 f9 67 1f 2f 88 81 e7 1f 7f df 43 e2 d6 af 5e e7 59 bd e1 4d 6f aa 55 14 f4 d3 82 84 c6 7b ab 37 e8 78 6f 8a 68 48 8b 21 7a 53 2f f4 2f 43 d3 be f1 5a 9c cd 98 9a f3 bc b8 98 b7 8f d2 7b 3b 90 73 6a 6a 94 e7 2e 7d 90 3e c0 3f 24 11 1b e0 8b 02 b6 88 f9 93 04 78 97 79 4d cc 9e 95 db 59 59 5c 10 02 a4 9b da 6a b1 01 9e a8 07 87 b1 af a1 db 6a 25 88 e1 0f 8b e9 4e ca 18 a6 e9 b4 2a ab fa 51 fa e3 0f 1f 3e c4 9f be 4e 3e d0 16 eb ba 41 93 55 55 90 fa aa 37 a1 81 8f f9 03 8f 15 cb fc 9c 48 b5 cb dd dd f6 4d 11 14 79 73 ff b6 6f 8a 80 f0 9b b5 cc cf ad 3b e5 57 a5 53 7d 35 e8 95 db 28 a3 a1 8d ea 79 68 39 10 a8 c5 db 3a 55 53 d2 ef a0 91 7e 5a d1 54 9e 97 d5 d5 a3 34 2f cb 62 d5 14 a4 85 49 27 da 4f e7 c5 6c 96 2f f1 d9 d5 bc 40 27 a4 2d 89 f4 cb ea aa ce 56 d1 fe a9 85 18 1b 6f 2a cd ec 0e cd 14 bf cf f2 06 a4 f8 6d d3 74 96 9f 67 eb b2 bd 41 2c 48 06 d9 70 e1 4d c7 65 be 5c 58 6c 0c 2e 64
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:05:16 GMTAccept-Ranges: bytesETag: "03eb0ff559eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:09 GMTContent-Length: 15097Data Raw: 1f 8b 08 00 00 00 00 00 04 00 d4 7d 6b 93 e3 38 8e e0 f7 fe 15 be e8 e8 a8 ca 9e 74 8d 2c 3f 33 2b ba 6f 1e b7 3b 33 7b bb 73 b7 3b 8f b8 b9 ee 8e 0d d9 96 d3 8a 92 2d af 24 57 66 f5 46 ff f7 23 29 52 22 41 00 a4 9c d5 7b bb 9d 53 39 29 89 04 49 10 04 40 10 00 df 95 d9 a7 6b 31 2d ce 65 71 ce ef bf 28 4e 4f 93 7f ff 62 32 d9 17 cd 45 7c 79 9c 74 1f a6 db b2 da 7d 78 2f 3e 7c cc eb b6 d8 65 e5 34 2b 8b a7 f3 e3 e4 54 ec f7 65 fe fe 8b 9f be f8 e2 38 bb ff e2 98 8a 7f 73 f1 6f 21 fe 2d c5 bf 95 02 77 a8 ce ed f4 39 2f 9e 8e ed e3 64 91 24 aa 7c 76 ff c5 b6 da 7f 52 05 76 55 59 d5 8f 93 2f e7 f3 b9 fa a6 bb 95 ef 9f 44 a7 f4 c3 31 cf f6 79 dd 3f 9a 2e eb c7 53 56 9c 15 a8 4b d5 14 6d 51 89 be d5 79 99 b5 c5 c7 dc 87 78 ac 55 d1 a3 ee 51 22 47 56 89 a1 1d ca ea f9 71 72 14 63 ca cf 76 2d f1 bb ba b6 53 d9 dd be c1 a6 d8 e7 ce c3 b4 d9 d5 55 59 2a c8 06 d8 f4 05 03 e7 0c 2b 2f 8b 4b df 23 ae 13 db f6 7c 8f 42 80 93 c7 cc 11 02 4a 4c 75 b6 2d f3 fd 00 6e 57 0d 5f af e7 26 2f f3 5d ab 00 4f 4f d5 8f d3 6b 93 d7 d3 ee e5 e3 e4 5c 9d 73 89 3c 31 b9 db 0f 45 4b 7c 3c 35 d8 07 d1 1d 45 56 ff 76 ad da bc a3 05 f1 fb da b6 b2 f9 bd e8 cf be f8 28 7e 95 e2 5f 7b ff c5 a1 aa 4f f7 04 8d 89 a1 9f 2f 57 51 a8 2c ee bf a8 44 05 81 d0 4b 2d 60 b6 02 4a 9b bf b4 59 9d 0b 6a 6b 8f f7 5f 5c bb f9 39 65 f5 53 71 d6 33 7f c9 f6 fb e2 fc a4 9f cc 50 da ec 32 3d 0a fa 28 25 8d 4c 35 81 d6 4f db ec 6d 72 3f d1 ff bb eb 08 f9 31 db 49 3a bb 17 7f 1d e5 0c 76 53 79 6d e5 b4 28 a8 a2 90 99 9c 6d 55 0b 2a b6 70 50 16 ea 7d 59 34 ed b4 69 3f 95 b9 f5 ad 95 33 63 55 93 dd 28 b3 4b 23 ca 98 bf de 0f 1f 9b 4b b6 33 e3 90 eb 11 59 83 4d f1 a3 a8 3b 4b 92 af 3a fc 6b 6c 6b f4 55 97 f6 a9 ae ae 17 f5 57 21 3f 74 33 36 20 71 80 74 c8 4e 45 a9 18 c4 31 af 8b f6 bd db 82 f7 b6 1b 18 7c 6d 58 82 f5 1e a0 4d 4c a3 6a f3 f9 58 b4 b9 1a a1 f8 24 5e 4e 9f eb ec f2 1e 7e 50 04 4a 7f a5 bf 54 ee 37 81 4f f5 f0 38 d9 8a 41 7f 98 ca 17 1d c2 0c c3 52 5c d1 f0 8f d9 bb d5 fb 81 89 01 1a 79 b7 59 de 99 01 8b a2 8b cb cb e4 f7 79 f9 31 97 4b 74 f2 c7 fc 9a df 0f cf f7 93 ff 2d 26 f0 ef b3 f3 d3 e4 4f bf bd 9f fc 39 3b 56 27 f1 f2 d7 75 91 95 f7 93 26 3b 37 62 0d d5 c5 a1 9b df da ef 89 a2 60 43 dc b3 44 b4 85 50 b8 4d 82 93 ff 56 9c 2e 55 dd 66 e7 d6 a2 a4 6d 25 e8 e2 24 20 08 00 4d 55 16 fb c9 97 79 0e cb ee ca 3c 13 50 44 d9 a3 aa 9a ed 3e 48 ea 39 ef 45 33 7a f6 3a 7a 91 c4 33 dd e7 bb aa ce 3a c6 dc d3 b7 bd 5e 8c 08 58 af d7 ba ee 4e cc 90 45 ba 66 6d d4 a7 ac 94 0d 7e bd bb d6 8d ac 72 a9 8a 73 9b d7 0e 83 33 e3 78 b9 f7 5f 4d be d6 4b ea 45 52 ab c2 cb f0 d1 85 62 57 c7 ea 09 56 d9 e6 67 29 19 9c 8a 0a 35 dd a8 5c 24 7d fd 63 a5 f0 ea 15 7e 7c cc 0e 6d 8f 09 05 f4 71 f2 e6 fb 34 79 f3 9e 83 62 4
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:04:17 GMTAccept-Ranges: bytesETag: "808e85dc559eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:10 GMTContent-Length: 24726Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ec bd 6b 8f e3 ba 92 20 f8 7d 7e 85 bb 2f 0e 50 79 8f ad b6 d3 f9 b4 d1 8d 9e 99 4f 0d cc 62 80 e9 fe b2 b8 38 1f 64 5b ce 54 97 6c 79 65 b9 2a eb 18 75 7f fb f2 29 91 e2 2b f8 90 b3 76 d1 e7 e2 66 d9 b2 18 2f 06 23 82 64 30 98 6d 77 5f 67 f5 b7 a2 a9 f2 1f b3 6d 7d 6c f3 f2 58 34 53 f2 f8 ad aa 37 79 d5 fd fa bd c9 4f a7 a2 b9 9e ea f2 d8 16 cd ac f8 56 1c db f3 ea 58 1f 8b 75 5b 9f 56 f3 75 55 ec 5b f4 cf 7b 51 be bd b7 ab c5 7c fe db fa 7b b9 6b df c9 c7 9f 7a 54 08 dc b9 6c cb fa b8 da 97 1f c5 6e fd e7 ac 3c ee 8a 0f dc 64 6e 68 b2 2a 0e a7 f6 c7 75 57 9e 4f e8 39 21 e0 a7 8d 60 fe e2 be 2a 3e d6 1d ba 7c 73 ae ab 4b 5b 58 30 9e f2 63 71 55 1b 0c 04 90 5f da 7a bd a9 3f 66 e7 f2 cf f2 f8 b6 da d4 cd 0e fd 8a 9e 48 a0 d7 12 19 87 fc 63 d6 cb 86 7c 15 c4 26 93 b1 c9 b7 5f 77 4d 7d d2 90 42 e5 be a9 db b6 3e f4 1d d0 10 40 73 19 bd 8e ea d9 f7 62 f3 b5 6c 67 6d 7e 9a bd a3 46 15 6e 88 04 5d d5 cd aa 6d f2 e3 f9 94 37 e8 ed 35 f9 4c 51 d7 a7 7c 5b b6 3f 26 d9 c3 79 b2 bd 6c ca ed 6c 53 fc 59 16 cd 97 ec fe 71 9a bd 4c f1 3f 8b bb 35 7b 6d 35 d7 b3 a2 7d 38 3b bf d7 df 91 04 af bc f1 82 36 c6 94 91 de 6f f2 73 3b cb b7 6d f9 ad 98 44 80 cd 9e 64 a2 76 79 f3 b5 17 32 fe f0 d6 d4 97 e3 6e d5 bc 6d f2 2f f3 29 fe 5f b6 bc bf 93 5b 09 f2 e9 1a 4f 9d 6f c0 28 54 35 ff 58 6c db 62 37 e3 1a 80 b4 0b 11 88 9a 60 35 bb da 75 5a 56 3c fc 67 b6 2b 1b 04 0f b7 40 7d 7d 39 1c d7 87 f2 c8 d5 f1 f4 41 be 71 6d 3c 7d 48 63 eb bc 6d ea aa da 54 f5 f6 eb 70 e4 0a ea 8c 09 df 57 f5 f7 d9 8f 15 6d f0 33 3b 6e ac 20 ce 6d de 96 5b 06 83 e8 26 87 b1 7a 2f 77 bb e2 f8 f3 9f fe fa 0f ff ed af 93 7f ad ca 6d 71 3c 17 e8 e3 ff ac 4f 3f 88 a6 4f fe fb d7 6f 45 9d 4d fe 7b 55 4d fe 0f 7e 70 9e fc 9f e2 5c 34 df 8a 5d 86 de fb 5f b4 c5 6e 82 24 56 34 93 f6 bd 98 fc 5f ff f6 1f fc 71 36 f9 f7 a2 e8 be b4 1f ed a4 3c 92 77 4e 4d fd 9f 48 48 93 a6 ae db c9 be 6e 26 0c 33 fa 1d 7d 3b e4 98 6c 04 fe 9f de db 43 75 d5 0e ff 9f 7f 9d fe 75 b5 29 d0 db 05 fa 90 ef d1 e8 13 5f 2c 8f ef 45 53 b6 3f 31 80 e9 a6 de fd b8 1e f2 e6 ad 3c a2 81 7b ca 77 b8 73 91 1e 10 e8 15 b2 7a 5d 87 64 8b c7 7e dc 16 1f 2d 06 57 cc f2 dd 7f 5e ce cc 78 48 b0 7e be 2f ae 7b 34 76 c8 6b ab fb e2 b0 66 bf 64 4f cf c5 61 82 7e 97 88 c2 c3 8c e8 2b b2 5e 0c e3 bc ef 8a 6f e5 b9 dc 54 c5 cf 53 53 50 a0 fb fc 50 56 3f 56 87 fa 58 23 4d df 16 d3 ee d3 ba 47 ba 28 0e 3f 73 61 5c a9 06 e6 67 be d9 34 7f 6b cb b6 2a fe b8 76 02 24 46 8d ba 17 cc e7 ae d8 d6 0d 11 fb 8a f4 24 96 8a 2c 09 dd 1b 93 1d 82 83 b4 d3 f5 c2 cf cd f4 dc 36 35 1a 84 84 f0 ef 94 f7 4d 5d a1 d7 7e 6e eb 5d 31 fd ba d9 4d cf f9 e1 e4 c9 f9 f9 90 57 95 d0 05 2f a8 87 ce 17 84 ed 72 12 9e 3e 3f fe b6 16 bb 79 de 3b aa

Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: www.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: http://teleglsam.fitSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: http://teleglsam.fit/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?token=ad76fbd92e6bbb HTTP/1.1Host: ipinfo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: http://teleglsam.fitSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: http://teleglsam.fit/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: www.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/css/font-awesome.min.css HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/css/bootstrap.min.css HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/jquery-3.5.1.min.js HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/layui-v2.6.8/layui/layui.js HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/download/filename.js HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /runtime.d0a0d8313f8d1e00.js HTTP/1.1Host: teleglsam.fitConnection: keep-aliveOrigin: http://teleglsam.fitUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /polyfills.9225875df2b05e64.js HTTP/1.1Host: teleglsam.fitConnection: keep-aliveOrigin: http://teleglsam.fitUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /main.33015c0d456461f7.js HTTP/1.1Host: teleglsam.fitConnection: keep-aliveOrigin: http://teleglsam.fitUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/layui-v2.6.8/layui/css/layui.css HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/layui-v2.6.8/layui/css/modules/laydate/default/laydate.css?v=5.3.1 HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/layui-v2.6.8/layui/css/modules/layer/default/layer.css?v=3.5.1 HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/layui-v2.6.8/layui/css/modules/code.css?v=2 HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/datas/countries/phoneCode.json HTTP/1.1Host: teleglsam.fitConnection: keep-aliveAccept: application/json, text/plain, /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/images/logo.jpg HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /styles.e2974b719a0acf9b.css HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/datas/countries/phoneCode.json HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/images/logo.jpg HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: teleglsam.fit
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: www.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: ipinfo.io

Source: sets.json.0.dr	String found in binary or memory: https://abczdrowie.pl
Source: sets.json.0.dr	String found in binary or memory: https://alice.tw
Source: sets.json.0.dr	String found in binary or memory: https://autobild.de
Source: sets.json.0.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.0.dr	String found in binary or memory: https://bild.de
Source: sets.json.0.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.0.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.0.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.0.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.0.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.0.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.0.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.0.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.0.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.0.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.0.dr	String found in binary or memory: https://cardsayings.net
Source: sets.json.0.dr	String found in binary or memory: https://chennien.com
Source: sets.json.0.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.0.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.0.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://cmxd.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.0.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.0.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.0.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.0.dr	String found in binary or memory: https://dewarmsteweek.be
Source: sets.json.0.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.0.dr	String found in binary or memory: https://een.be
Source: sets.json.0.dr	String found in binary or memory: https://efront.com
Source: sets.json.0.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.0.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.0.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.0.dr	String found in binary or memory: https://ella.sv
Source: sets.json.0.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.0.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.0.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.0.dr	String found in binary or memory: https://finn.no
Source: sets.json.0.dr	String found in binary or memory: https://firstlook.biz
Source: sets.json.0.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://geforcenow.com
Source: sets.json.0.dr	String found in binary or memory: https://gettalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.0.dr	String found in binary or memory: https://grid.id
Source: sets.json.0.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.0.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.0.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.0.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://hapara.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.global
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.0.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.0.dr	String found in binary or memory: https://hearty.app
Source: sets.json.0.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.0.dr	String found in binary or memory: https://hearty.me
Source: sets.json.0.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.0.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.0.dr	String found in binary or memory: https://hj.rs
Source: sets.json.0.dr	String found in binary or memory: https://hjck.com
Source: sets.json.0.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.0.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.0.dr	String found in binary or memory: https://iolam.it
Source: chromecache_83.2.dr	String found in binary or memory: https://ipinfo.io/pricing
Source: chromecache_83.2.dr	String found in binary or memory: https://ipinfo.io/support
Source: sets.json.0.dr	String found in binary or memory: https://ishares.com
Source: sets.json.0.dr	String found in binary or memory: https://jagran.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.0.dr	String found in binary or memory: https://kompas.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.0.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.0.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.0.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.0.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.0.dr	String found in binary or memory: https://libero.it
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.0.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.0.dr	String found in binary or memory: https://livemint.com
Source: sets.json.0.dr	String found in binary or memory: https://max.auto
Source: sets.json.0.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.0.dr	String found in binary or memory: https://meo.pt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.0.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.0.dr	String found in binary or memory: https://money.pl
Source: sets.json.0.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://nacion.com
Source: sets.json.0.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.co
Source: sets.json.0.dr	String found in binary or memory: https://nien.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.org
Source: sets.json.0.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.0.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.0.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.0.dr	String found in binary or memory: https://o2.pl
Source: sets.json.0.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.0.dr	String found in binary or memory: https://onet.pl
Source: sets.json.0.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.0.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://pdmp-apis.no
Source: sets.json.0.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.0.dr	String found in binary or memory: https://player.pl
Source: sets.json.0.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.0.dr	String found in binary or memory: https://poalim.site
Source: sets.json.0.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.0.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.0.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.0.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.0.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://radio1.be
Source: sets.json.0.dr	String found in binary or memory: https://radio2.be
Source: sets.json.0.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://repid.org
Source: sets.json.0.dr	String found in binary or memory: https://reshim.org
Source: sets.json.0.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.0.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.0.dr	String found in binary or memory: https://samayam.com
Source: sets.json.0.dr	String found in binary or memory: https://sapo.io
Source: sets.json.0.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.0.dr	String found in binary or memory: https://shock.co
Source: sets.json.0.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.0.dr	String found in binary or memory: https://socket-to-me.vip
Source: sets.json.0.dr	String found in binary or memory: https://songshare.com
Source: sets.json.0.dr	String found in binary or memory: https://songstats.com
Source: sets.json.0.dr	String found in binary or memory: https://sporza.be
Source: sets.json.0.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.0.dr	String found in binary or memory: https://stripe.com
Source: sets.json.0.dr	String found in binary or memory: https://stripe.network
Source: sets.json.0.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.0.dr	String found in binary or memory: https://supereva.it
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.0.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://technology-revealed.com
Source: sets.json.0.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.0.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.app
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.com
Source: sets.json.0.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.0.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://tvid.in
Source: sets.json.0.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://tvn24.pl
Source: sets.json.0.dr	String found in binary or memory: https://unotv.com
Source: sets.json.0.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.0.dr	String found in binary or memory: https://vrt.be
Source: sets.json.0.dr	String found in binary or memory: https://vwo.com
Source: sets.json.0.dr	String found in binary or memory: https://welt.de
Source: sets.json.0.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.0.dr	String found in binary or memory: https://wildix.com
Source: sets.json.0.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.0.dr	String found in binary or memory: https://wingify.com
Source: sets.json.0.dr	String found in binary or memory: https://wordle.at
Source: sets.json.0.dr	String found in binary or memory: https://wp.pl
Source: sets.json.0.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.0.dr	String found in binary or memory: https://www.asadcdn.com
Source: sets.json.0.dr	String found in binary or memory: https://ya.ru
Source: sets.json.0.dr	String found in binary or memory: https://zalo.me
Source: sets.json.0.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://zingmp3.vn

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53409 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53409
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49723 version: TLS 1.2

Creates files inside the system directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6392_2057701636	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6392_2057701636\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6392_2057701636\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6392_2057701636\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6392_2057701636\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6392_2057701636\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6392_2057701636\manifest.fingerprint	Jump to behavior

Deletes files inside the Windows folder

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_6392_354112782

Jump to behavior

Source: classification engine

Classification label: mal72.phis.win@17/57@13/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2208,i,17692718109581764152,846259027756642193,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://teleglsam.fit/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2208,i,17692718109581764152,846259027756642193,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.117.186.192	ipinfo.io	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
103.140.127.200	teleglsam.fit	China	55933	CLOUDIE-AS-APCloudieLimitedHK	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.16.123.96	unknown	United States	13335	CLOUDFLARENETUS	false
104.16.124.96	www.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.6
192.168.2.5

Contacted Domains

Name	IP	Active
www.cloudflare.com	104.16.124.96	true
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.57.18	true
ipinfo.io	34.117.186.192	true
teleglsam.fit	103.140.127.200	true
www.google.com	216.58.206.68	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://teleglsam.fit/assets/download/filename.js	true	Avira URL Cloud: phishing	unknown
http://teleglsam.fit/assets/layui-v2.6.8/layui/layui.js	true	Avira URL Cloud: phishing	unknown
http://teleglsam.fit/styles.e2974b719a0acf9b.css	true	Avira URL Cloud: phishing	unknown
http://teleglsam.fit/assets/images/logo.jpg	false	Avira URL Cloud: phishing	unknown
https://www.cloudflare.com/cdn-cgi/trace	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://teleglsam.fit/assets/layui-v2.6.8/layui/css/modules/layer/default/layer.css?v=3.5.1	false	Avira URL Cloud: phishing	unknown
http://teleglsam.fit/assets/js/jquery-3.5.1.min.js	false	Avira URL Cloud: phishing	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun May 26 21:21:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	1FCB6C345F69FBCA8ADFBD5F8AB62221	165F9D2BC294D5A64CD1CFBB7756C102EDD8D09F	F34C4B871357A582803D24831F7EF2D11C6A25ABC4BF858627EF71CD198117BA
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun May 26 21:21:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	3594F32B078DD72D2AB9FD358C432D6A	B9B54ACA853EC2465C47DBFCBC265476C7891DCC	19BD9D552F923DF25AC0C684DC4B91742C56FA9111A2975DBB4019C630F0BF98
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	0DA8495B9ACD51AEDBD11393869A140C	91738AD5B20E8A78D40B2DB91FC6CE6EFF875E80	C71CDEF1E56DAA1362CF83590CF89CD8293839FCCD3ABBFD0BADD2E9C507E9E4
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun May 26 21:21:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	542F4FA6A4E5815B926C30290C8F66E3	D5342B58DEB0EBEC9E0145F23B2C24B5618C9110	CF84EFAA9D7ACFB667D0D3460CAA6C681341A4205160D99EC81EC082B70CA129
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun May 26 21:21:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	4C170F43468F0E561A5FC469A73D2BD0	39FE1673BEA6D77DD034B238D8F8CCA3BBF75D88	638E50A681E8E66F8943D7EF01CB9E893C1E5F33EED824FC7517CE2065120B71
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun May 26 21:21:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	08E03CD34619136DFAE02D675777A06B	AB1332439688519D75079031093AA2B0184DEC4E	1A286CE63A932121DB5C23D3E730FC20BAA65BFCC5D5BA1AA24D0656AE8EE782
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6392_2057701636\LICENSE	ASCII text	EE002CB9E51BB8DFA89640A406A1090A	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6392_2057701636\_metadata\verified_contents.json	JSON data	55FAB119C4B25E3B96B68A1412A400B6	BDDA56C51ADEBE8ED0E92658B5020186270085B5	6DDD430EC4522578FC545E37B7811B740AE9BAE80EBCDBE44ABEF6289B82E2EB
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6392_2057701636\manifest.fingerprint	ASCII text, with no line terminators	224A1E3D38F496B70BB0A38D237F8FCE	FBC6B5A7C15349EE150549276F58B71674C05513	1538B4C21BDABACD90069B3EFC35E1FA898694695BCC136B08A2586005645A2D
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6392_2057701636\manifest.json	JSON data	F67F1900F79CA094D0FC2182B79E7A60	B0C783FB7F8985C82313C2AC4606A820FFEE7C4B	8EB011F941D5A247352B301DF87300D0881D7E50FDFD1C37CE2F85DCF946499A
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6392_2057701636\sets.json	JSON data	B63AD3A7023C80F4D2D24BF4AC4145B7	582BFCD098EB6E63B5420F19A81CD3C04D5CD945	86DFE2A9896CA7CAD92BD313A27ED185339D0E4729EDAEB95C1D6A2CBEBB79AA
Chrome Cache Entry: 74	Web Open Font Format (Version 2), TrueType, length 13980, version 1.0	B7D6B48D8D12946DC808FF39AED6C460	3F18028A04B3FB39BB1CC33DCE401D04E9207970	D4AE5188A65370ECFE28F42293BBEE8297CFD5712C6AADFDB270D48F2BCD88B0
Chrome Cache Entry: 75	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 920	254ED3C85386DDF2A11DD252CA7AC96C	71C9EDEF17940D9ABC6189A5BE7A60DDE0F0487C	F6D6C8962A6E5B6475A80778F5EDBEAE5119473CF60190E127990D65C874050D
Chrome Cache Entry: 76	JSON data	19551C0B56DC31D495FC8AD9375B3044	6FBCAE618638A57482344C28228A1DAEDC41D4C4	0CED196A8F08E4B904863D19B618BBFBC87882D8E95BEFA5B6599A9708DCA790
Chrome Cache Entry: 77	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 199573	C50F2186BC6B5F00D9728D9E41A7E863	DD09EEEC9061EA55B8F61864E672C73BA16288E5	9F7D6367A07C4887AA1384C71C61153E480D4911E3905AC9E84D69A3B6FB7F9C
Chrome Cache Entry: 78	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 27408	FBC700D7A322B714F18498EF2706E2A0	BAE3291548462E284DA566700F7467BD9BAF5493	879F0296CB26BC79263CD360CD88AA374970663470FAC3285FB89A2023984545
Chrome Cache Entry: 79	JSON data	19551C0B56DC31D495FC8AD9375B3044	6FBCAE618638A57482344C28228A1DAEDC41D4C4	0CED196A8F08E4B904863D19B618BBFBC87882D8E95BEFA5B6599A9708DCA790
Chrome Cache Entry: 80	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 37755	40FB9E2BC75480DC6E1A4BC48C021093	A7CC6C71E3CF0D575DF3EF7976732F6142A1E936	9BAC1EB7CF2E4950973154AE83544C00D76C54C057C947454BFE15ACE9B87EBE
Chrome Cache Entry: 81	ASCII text	79AC243EE7E29AF9F9768C9CF3C55F4B	1F125F7867BA318A3CBB34CEFFE60E57E821D69C	C2F11BC18857248195F7C0B3C9FAF8C77742380E96344053F5E3DA81E8FF5667
Chrome Cache Entry: 82	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 97951	2DE4A89BB500CC39717AD46460222858	8F7AB07B2F45160C55821C7A26A5A36D1B197CFF	1CA4D27754A35081A59F594C6953AE0307980918C777519D344D36EC349CC304
Chrome Cache Entry: 83	JSON data	3319A200ADEF63CFB155C84AD6A1BCC1	CED752E1F3903015159F1F18AC409A6373D027B0	60B59A85B456EEA5EA7B0D592088FBB7416F938598BF39AAAF2B56C45A02783E
Chrome Cache Entry: 84	ASCII text	404D6B9FCA4689556C3DE427FCA367E7	6FE2EB79166B64E0C5C236C5C7420722AEC5F0F3	1354A67B4D19E9934582ADAA5D58F94230278CDFA723C1ED4A388589A874FE70
Chrome Cache Entry: 85	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel	4C7161B2FF1DB8E15C7E47F8639C5F86	30260EFCDAF269977CF3E8A2280A9C6D4C93B583	7E2388EC283FE17472EF02829A93DA550AF8F3AD4A975F50A0110BFF61AFE523
Chrome Cache Entry: 86	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 8730	FBEBD8C8492CA0893E4370FA4401137D	DF4C91247B7173B42104E0662B1B7A327783CD0A	FF8743CC5BA62CAC21EC38D6AA2D16C04304EEE70A40F5D086D45181C50C0100
Chrome Cache Entry: 87	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 65	60ED8F1DA58E85E5B20A51C54F92FD62	CF342269661AF8CE772ED5C2953885EF6038C589	C1E48EF9B045D2C715A5295CCAE5CAB46E7158AC9B0EE36BB5A40DC8F44DB1D2
Chrome Cache Entry: 88	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel	4C7161B2FF1DB8E15C7E47F8639C5F86	30260EFCDAF269977CF3E8A2280A9C6D4C93B583	7E2388EC283FE17472EF02829A93DA550AF8F3AD4A975F50A0110BFF61AFE523
Chrome Cache Entry: 89	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 17456	B67D2B7B3514E344FC7D4E9DBC2E05B2	B0756B6AB1DE213778FF2A6E89556E86DE058DB3	7F9415D03C85A9D8C56ED9BDF126DC69DDBCF78F8D82BCF35EE6733A77FB696D
Chrome Cache Entry: 90	ASCII text, with no line terminators	7C9B4413EC2C2F6152742F79374F72E6	AC4B8CB311051FDBDF3E47B6077F3E8F820BB5BC	4E60DD8D9D5B87624A480951278A281802D9E31EC3CC022A433D020F92CFE767
Chrome Cache Entry: 91	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 530342	115AADFC1EB1DF59B70881215D7BA0E5	154FD1141B4F2DFD8808EEE8BDB168BF0D4C1F6C	2F11CD284A99F124A70E7B717F3DEF7E1D424AECF90CB7BFA2FF2EB2FECD3FF9
Chrome Cache Entry: 92	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 167871	43C5BA22F7FA4441831BFCE40FD38F1C	5E7BF3BAEE1A9BEF464EEC4FD9319521ABD6E362	FE85D176338A0952385A471E086A2C8E30F75BDD7F9C9AE8B66AE406E80F6640
Chrome Cache Entry: 93	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1587	D4A2869E1E05A423F20E11F9B8F4C00F	779A8AF1A682992CA5C883A4D5EFD40D0A456F85	6DAB1448B6A31977CEDA92E20A70732CB95F3E1D0597BE3381453F32431D7BEC
Chrome Cache Entry: 94	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 817377	62C522A06D68508A6A6D393A99B61C83	AA008B36183F40146B544B40FE6D276D2D9D555F	F00B59A45AB44AB090EC5D9FC7D192A6A42E8BDF72F5AF26E308D96742EBF23F
Chrome Cache Entry: 95	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 265985	2D1DC90776ACD60B44EED71A6615EA82	797C5D0CD321421C1ADABB619269F31AEE0E8E5F	C941CA4420F707799A83E5BD52C31AA65497BDDC9CEEEE852ECE78E2FE39D90B
Chrome Cache Entry: 96	JPEG image data, JFIF standard 1.01, aspect ratio, density 96x96, segment length 16, baseline, precision 8, 128x128, components 3	B6804A49A117CB8B5EB86CD489A93A36	3304EB19BFD257989D94D5217196C129C3244696	2A1F3DE21A6685E08138C0D562DE525D765EF14999B143085E678FC4D7517A4D
Chrome Cache Entry: 97	JPEG image data, JFIF standard 1.01, aspect ratio, density 96x96, segment length 16, baseline, precision 8, 128x128, components 3	B6804A49A117CB8B5EB86CD489A93A36	3304EB19BFD257989D94D5217196C129C3244696	2A1F3DE21A6685E08138C0D562DE525D765EF14999B143085E678FC4D7517A4D
Chrome Cache Entry: 98	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 111307	5ABF29AD2ADA4B9CDCBC16D2722785FC	EA6211431BB391AAC6F47098899D2D5A0A45EA1D	7C37CE889B415BACDD84D4D6C3F9D2CB1754C34461B322911B3A5BCB759CB62D

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://teleglsam.fit/	Avira URL Cloud: detection malicious, Label: phishing
Source: http://teleglsam.fit/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: http://teleglsam.fit/assets/download/filename.js	Avira URL Cloud: Label: phishing
Source: http://teleglsam.fit/assets/layui-v2.6.8/layui/layui.js	Avira URL Cloud: Label: phishing
Source: http://teleglsam.fit/styles.e2974b719a0acf9b.css	Avira URL Cloud: Label: phishing
Source: http://teleglsam.fit/assets/images/logo.jpg	Avira URL Cloud: Label: phishing
Source: http://teleglsam.fit/assets/layui-v2.6.8/layui/css/modules/layer/default/layer.css?v=3.5.1	Avira URL Cloud: Label: phishing
Source: http://teleglsam.fit/assets/js/jquery-3.5.1.min.js	Avira URL Cloud: Label: phishing

Multi AV Scanner detection for submitted file

Source: http://teleglsam.fit/

Virustotal: Detection: 18%

Perma Link

Phishing

Yara detected Telegram Phisher

Source: Yara match

File source: 0.0.pages.csv, type: HTML

Detected clear text password fields (password is not hidden)

Source: http://teleglsam.fit/

HTTP Parser: <input type="text"... for password input

Source: http://teleglsam.fit/

HTTP Parser: No favicon

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49738 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49723 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.5:53407 -> 1.1.1.1:53

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49738 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/htmlContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:04:14 GMTAccept-Ranges: bytesETag: "bc2cc8da559eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:06 GMTContent-Length: 40160Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 1e ff ae 4f bf 3c 79 f3 fb bc 3c 4d e7 ed a2 3c 7a 8c 7f d3 32 5b 5e 7c f6 d1 0f e6 db 27 2f 3e a2 8f f2 6c 76 94 a4 f4 3c 5e e4 6d 96 4e e7 59 dd e4 ed 67 1f ad db f3 ed 83 8f f4 ab b6 68 cb fc e8 4d 5e e6 17 75 b6 48 bf 9b 4f 1e df 95 cf e4 7b 7e 75 55 57 ab bc 6e af 3f fb a8 ba 78 c4 df 7e 94 4e ab 65 9b 2f 09 9c ff ae 81 da 79 ab bd 2a da 36 af 6f ff ea 32 5b e4 9f 7d f4 36 bf be aa ea 59 73 c3 1b bf eb f6 76 f0 da 2c 6f a6 75 b1 6a 8b 6a e9 bd f9 9f ff e1 7f d5 7f f1 67 fc 4d ff f9 1f ff e7 fc e7 7f ff 5f fd 9f ff 49 7f c2 7f fe 27 fe 4d ff f9 df f9 b7 fc 67 7f d7 1f f3 5f fe 3d ff e0 ff f8 f7 fd 71 ff c5 3f f0 b7 fe d7 7f e6 5f 25 df fe 67 ff e0 5f fc 5f fd 35 7f f4 7f f9 f7 ff c9 1f a5 77 b5 0b 40 e7 df 52 6f 54 44 0b bf 2b fd fe 83 3a 64 18 77 8f d2 ed 6d ed 78 92 35 79 3a af f3 f3 cf 3e ba 6b c6 5b 16 cb b7 69 9d 97 9f 7d 54 50 67 1f a5 ed f5 8a 46 5d 2c b2 8b fc ee bb 6d f9 4c 5e 19 df 3d cf 2e f1 c1 98 fe e9 bf be aa 73 fa 6e 99 4f 5b f3 c2 bc 6d 57 cd a3 bb 77 cf 69 10 cd f8 a2 aa 2e ca 3c 5b 15 cd 78 5a 2d be c6 fb 4d 9b b5 c5 94 5f 4e a7 75 d5 34 55 5d 5c 14 cb cf 3e 32 b0 9a f6 ba cc 75 00 6d fe ae bd 3b 6d 9a 8f 8e 7e 4f bc be 7d 9e 4d f3 5f ac bf 2d 8a f2 fa d1 c7 cf b3 b6 fa f8 90 3f e2 17 1f 2d ab 7a 91 95 f2 c9 55 5e 5c cc db 47 bb 3b 3b f2 f7 ac 68 56 65 76 fd a8 b9 ca 56 87 4d 3d 7d b4 ae cb ad 41 fc ee 36 77 4b 82 7e f7 72 6f ff ee eb 4f d7 07 57 fb 4f be f8 ea cd cb 6f cf ef ed 1c 7f 55 6c ff a2 17 c5 ef 7d f1 20 ff 6a 67 7c 55 9d 9f ef dd 49 cf d1 73 bb f5 31 ff f9 f1 9d c3 f5 92 28 3c cb b7 6b 12 c1 fc d1 57 9f ec 10 1e db 3b 7b c7 cf 46 29 fd 71 6f 67 5f 7f 1e c8 cf bd 87 f8 b9 7b 4a 8d 76 4f 1f 72 a3 dd d3 67 7b f4 c7 33 fe 63 6f 67 6f 47 7e 1e ef 6c d3 3f 4f f4 8f a7 f4 c7 89 7c b3 bb 7b 8f 7f 9e 7c 4a 2d 4e 1e f0 6b c7 0f f6 76 b6 8f 1f 3c 7b 76 f8 4b fe 5f 46 c3 df fb 44 69 f8 13 b7 a6 20 3d db 3b 3b 42 8f 9d dd 7b bb f2 f3 fe de 36 fd c3 43 df d9 7b f2 84 68 fc e4 44 fe 38 f9 54 7e 3e 3d d6 9f f2 f9 00 ed f7 00 7e 6f e7 53 06 bf b7 f3 80 1b 11 85 f9 a5 bd dd bd 3d f9 f9 90 bb a5 9f dc e3 1e 7d a1 3f ef e3 e7 33 9d ae 67 cf 9e 3d fd 30 92 df fb 46 48 fe d0 92 fc c1 57 af 5f 5f 65 2f 3f ff 89 7b bf e8 fe 6c e7 c5 83 ab 5b 93 9d 26 9f 88 fa ff 4d c6 fd 59 a1 62 61 a8 78 6b 12 d2 f3 f3 87 73 f7 bf 11 9a 5f 1b 9a ff f4 bb e3 ab df bb f8 6e fb ec e4 fc 27 1e 1c df 9a e4 ff 5f e6 da 6f 9c 82 fb 4a c1 e9
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:04:18 GMTAccept-Ranges: bytesETag: "0251edd559eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:08 GMTContent-Length: 5088Data Raw: 1f 8b 08 00 00 00 00 00 04 00 d4 5c 4d 6f ec 38 76 dd f7 af a8 60 30 78 af 07 2e 3f b3 5c 9f 1e 24 e8 20 c0 00 03 74 90 45 67 99 0d 25 51 25 3e 4b a2 1e 25 d9 ae 0e e6 bf 87 94 ea e3 90 55 75 e4 01 7a 93 5e f4 83 a5 73 29 7e 1c 5e 5e 5e 1e d6 b7 bf fc cb 4f b3 bf cc 66 7f 33 75 37 fb f7 77 d5 9a 4a cd 96 8f 8b c7 a7 59 72 98 fd 92 c9 37 b5 97 75 76 98 cd 67 45 d7 35 2f df be e5 0e 29 47 e0 a3 36 ee f9 2f f0 64 28 eb 57 9d aa ba 55 f7 4c be 95 c7 f7 5f fd 47 5f 66 bf fd fd d7 d9 7f fd ed d7 99 78 14 0f b3 ff f8 ed b7 97 d9 7f fe fd bf 4f 85 fc ec 4a fc f6 d3 f0 89 79 2e 53 35 fb df 9f 66 b3 e3 5f 95 2e 0f 2f b3 2f be 94 63 cd bf fc d5 bd 6d 6d fa 32 eb 6d f9 f5 cb e3 e3 f0 e9 16 2b 30 7f 57 89 ff f3 51 99 ee cb cf ff 2c de 7d da 56 b2 fb fa 45 55 89 ca 32 95 cd 4d a3 ea ee d0 a8 2f 3f 3f b8 b2 66 9f 28 e8 dd e4 39 94 34 fe f9 59 e3 ae 43 db ce f6 ea 9f fb 78 fb b6 07 fb e1 af bf 9e 7a f4 5d e9 7d e1 06 a4 f6 6f cb f3 e3 b6 3b 94 ea f2 f4 1f 3f fd f4 98 cb 61 1c 32 dd 36 a5 74 63 a0 eb 52 d7 6a 9e 94 26 7d 3d d9 9d 2c a2 7f c4 b2 f9 f8 26 66 30 68 97 0f e9 df 95 2f ab 50 56 77 fe 69 a7 3e ba b9 55 75 e6 1e d4 fb 97 99 ec 3b e3 9f fb d6 bc 6a 47 81 c1 aa 32 a6 2b c6 f7 75 a7 65 a9 65 ab b2 01 56 99 df e7 a6 fd b8 c2 ed ad 3c b4 a9 2c d5 a9 35 f3 72 7f 21 d6 58 0d f1 f8 7c fc 4f 55 be b0 a1 81 c5 b1 87 9e 1e 37 ab f1 f1 9b b2 9d 76 45 cd dd 77 f7 f5 cb 6c 2e 56 7f 3e 97 ba f8 88 4b 5d 78 ab e3 db e7 ab b7 cf f0 76 79 f5 76 09 6f 57 57 6f 57 f0 36 7f 1f de be eb ac 2b 7c 4b 16 db d5 46 2c 17 bb b1 ca 43 af 1e ab eb e6 58 a7 ec d9 b0 2f 07 c3 46 66 99 eb a8 79 a9 72 df 58 6f 54 49 bb d7 f5 f1 c9 e2 d1 95 36 94 79 ea 9b f6 48 93 b9 67 a3 1f f9 5a 61 a1 ff e6 20 63 c9 a6 d5 9d 36 ee cb 56 95 b2 d3 6f 30 04 31 42 26 ad 29 fb 6e e0 c7 f8 dd 79 fc e1 63 0b e3 c7 9d 69 fc 18 45 0f ef 37 bb d4 c0 81 e3 a7 c4 e3 d8 69 db 35 74 6c 62 ac e3 22 f6 91 ff 8e 1b 54 ff ff d5 f0 8f 38 12 63 84 be cc 5c 1b 74 e6 9e 3f 6d dd eb 3f 29 a5 2e 2f e7 56 66 ba 6f 87 aa 9e 3e d2 f4 65 39 b7 9e 65 e3 00 97 46 ba da 0c 0f 00 e0 eb 88 ef fd df a7 4a 46 88 e3 c0 d9 13 71 81 63 f1 c7 82 31 0e 90 f3 b6 d1 f5 80 39 4d 3d 59 6b e7 41 86 71 3a bd 5e b4 6e ee e6 ba d6 9d 1a 66 8b b4 be a9 9f 04 ba ef fc 72 2a fb 55 1d 72 2b 2b d5 ce 2e 5f 76 25 3d fd 79 a8 c1 a5 0e 9d 95 75 eb 5d 99 eb 20 d3 c9 4e 7d 7d ca d4 7e f0 67 6e b8 ef bf fc 87 2f 4d 3c 7d a2 bc e7 d5 8e 95 08 af ff 31 b4 e0 ff 6d cd fd 18 8f af e6 bb a7 91 59 ba ec 3c 7f 1b 6b f6 3a 7b c9 3e dc 30 ee d5 b9 a4 c7 4a a7 d6 b4 26 ef 1e 13 d9 ea 74 78 fb 75 28 c2 8d f5 bf 8a 9f d1 4f 5f 7f 7f 77 6e d2 bc 6a e9 fb fb ef c2 6a 8b ed 1f 51 ef c5 44 bd dd 57 78 c5 01 40 5e 86 55 5f 6c fe 88 aa 3f 4f 54 dd 7d 85 57 1d 00 e4 e5 69 89 29 75 33
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:05:07 GMTAccept-Ranges: bytesETag: "80f352fa559eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:08 GMTContent-Length: 40582Data Raw: 1f 8b 08 00 00 00 00 00 04 00 d4 bd 69 77 db 46 d2 28 fc 3d bf 02 cc f8 19 00 16 45 4b f6 64 ee 0d bd e8 38 b2 93 78 26 ce 62 39 93 64 28 26 07 22 9b 12 62 0a 60 00 50 4b 2c cd 6f 7f bb aa 7a 5f 40 ca c9 33 e7 be 3c c7 16 09 f4 de d5 d5 b5 d7 83 fb 83 e4 d7 ef d6 ac b9 4e 2e 1e 8d 3e 19 ed 27 37 49 36 cb 93 7f 1c 25 9f d7 eb 6a 5e 74 65 5d 25 45 35 4f ea ee 8c 35 c9 ac ae ba a6 3c 59 77 75 d3 f2 a2 bf fe 06 55 47 75 73 fa 60 59 ce 58 d5 b2 e4 fe 83 8f 06 d9 62 5d cd b0 66 c6 86 49 97 27 ef 3f 4a 92 74 cd df b6 bc f6 ac 4b 1f c3 ef fa e4 57 c6 bf 27 4f 9f 26 dd f5 8a d5 8b e4 bc 9e af 97 2c f9 eb 5f e3 2f 47 ec 6a 55 37 5d cb 1b 48 92 83 24 b3 9f 26 4f 13 36 9a d7 b3 f5 39 ab 3a 2c 42 c5 3a 18 c7 60 2f 57 8f c6 89 31 44 1a 9f fe 94 8b 24 1b e8 76 72 eb 65 92 74 67 4d 7d 99 54 ec 32 79 d9 34 75 93 a5 62 01 1b f6 db ba 6c 58 9b 14 c9 65 59 cd 79 99 cb b2 3b e3 bf 64 43 69 fe d8 6a aa 61 dd ba a9 60 70 d6 8b 5b ea 70 2c 5e dc e6 59 ca 77 82 2d ca 8a cd d3 64 a0 16 44 74 72 20 bf f0 0a 67 65 3b 34 66 76 38 4c 58 78 f1 2f 8a 26 e9 f8 6a 4d a6 43 ec ac e1 df bf c1 25 1f 9d b2 ee db a6 ee 6a e8 e5 9b 05 bd 86 85 ed 46 2d ec 31 3d 38 c5 07 8b 65 21 57 f9 20 be a0 72 9a 58 7c 34 2b 96 4b 6b c2 b7 1f 6d dc 12 d5 02 07 bf 19 6f a3 58 ad 96 d7 19 1f 7b 62 35 44 43 5b e3 d0 56 eb f6 8c 7e 97 f8 9b 2f 11 bb 92 d3 a9 f8 a3 f7 a2 78 cd bf 57 a3 ae 3e e2 8b 53 9d d2 b3 0b 7c 76 56 b4 df 5c 56 7c 2d 56 ac e9 ae e9 4d c1 df 5c 38 a5 97 fc 59 41 f3 a2 25 cc e9 f9 b5 d1 cb 39 ff 1e 9c 9e 98 5a 2a 5f 9a 10 4f 27 a1 5a 9f 9f b0 c6 dc 78 36 aa ea 39 7b cb 7f d0 e4 45 1f 57 1b fa a8 d6 cb 25 b4 82 cd 32 de 0f 1c 16 82 1d ab 9d 97 bc 9d 43 05 fd f4 6c 06 73 c1 fe c7 fc 1c 0d 93 b6 99 d1 97 8a ef 08 93 5f 5f e3 61 84 5f c9 2d 34 a9 46 73 82 78 80 17 91 83 02 f8 6b 86 62 7c a5 fc 02 7b 91 c1 e6 54 c9 cd 4d f2 32 1f cd 1a 56 74 ec e5 92 c1 48 b2 b4 9d 35 e5 4a 1d 23 38 a6 59 56 8f 3a 76 05 a0 cc 72 40 35 f2 b0 2e ea 26 c9 9a a4 ac 92 99 3e bf 19 c2 c2 a4 99 42 f3 19 82 fa f3 8e f0 19 2e 8a fd 24 6b f2 3c e7 8f 0d 40 ac 47 ad 55 60 98 94 62 30 1c 5c 58 31 07 c8 64 d5 fc f0 ac 5c ce b3 3a 1f ad 8a 86 0f fc 6b be 5b a3 86 9d d7 17 4c be 81 4a b7 e6 0a 5d ea 0d 33 b7 0b f6 48 9d 30 96 ec 24 69 aa 8e 4b 00 47 32 98 58 18 96 54 2b d5 a4 96 87 10 d7 41 36 a3 da 95 35 e4 18 61 af 16 7c e1 52 bc 20 52 da ac 23 1b d8 14 96 37 27 c0 31 e4 d1 68 51 f1 b3 57 76 54 44 c0 99 05 1b 2b 3d 73 89 95 06 03 02 fd 25 ab 4e bb b3 14 76 91 80 76 44 4f 24 bc 00 a8 5c 2a 64 22 ba cd c4 cb c1 39 34 ac b6 6f 70 65 fd cc d2 a2 69 8a eb 14 8f 01 80 9b da e5 3d 7c d4 99 8f 32 75 08 f5 82 76 30 a0 bd e4 09 7d e9 92 dd 64 1f c7 29 20 50 ed 70 06 4b c0 c7 79 34 5a 49 ac 9a 3c c5 22 72 b9 e8 12 e5 e
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:04:18 GMTAccept-Ranges: bytesETag: "0251edd559eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:08 GMTContent-Length: 26177Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ec bd 7b 8f 23 b9 91 20 fe ff 7c 0a ad 07 8d ea f6 94 d4 ca 94 52 8f 1a f4 60 6d 63 17 b7 c0 8c ff f0 dc 02 07 cc cd 01 29 65 aa 24 b7 5e 97 52 75 a9 67 31 bf cf fe e3 9b 41 32 f8 c8 2c a9 ba cf de f5 da ad ca 64 3c 18 0c 06 19 41 66 c4 fb 3f fe cb 37 bd 3f f6 fe 7c 38 9c 4f e7 a6 3c f6 3e 8d 07 c5 60 d8 7b bb 3e 9f 8f a7 87 f7 ef 1f eb f3 42 be 1c 2c 0f bb f7 ef 68 fb bf 1c 8e 9f 9b cd e3 fa dc cb 87 59 d6 cf 87 f9 b0 f7 3f d7 35 c0 f3 a7 a7 f3 fa d0 9c bc 8d 9f 37 e7 73 dd dc f7 fe 63 bf 1c d0 46 3f 6e 96 f5 fe 54 57 bd a7 7d 55 37 bd 9f fe e3 7f 02 1e 36 e7 f5 d3 82 51 3f 3f 2f 4e ef 15 43 ef 17 db c3 e2 fd ae 3c 11 54 ef 7f fc 8f bf fc db 5f 7f fe 37 ca df fb 6f be 79 68 48 a3 de 7f 7d d3 eb f5 fb 8b ed 53 fd d0 fb 76 38 9c 2e 56 ab ef d9 a3 cd be da 3c 1e c8 c3 c9 24 1b ae 72 fe f0 f8 d4 1c b7 b4 e5 64 35 ce 97 99 78 b8 d9 7f 24 8f ea d9 a8 9e 2d f9 a3 a6 ae c8 93 6a 39 2a c6 05 7f 72 68 ca fd 23 85 5c 55 d3 3a 1b f3 87 9f eb ed f6 f0 4c 1f ae 96 d9 70 ca 1f 3e 36 75 bd 27 cf f2 59 39 95 d0 e7 ba dc d2 47 c3 e5 7c 2e 9a 2d 3f 97 b4 55 36 2d f3 c5 8c 3f 7a 5e 6f ce 8c 84 ec c3 63 53 7e a6 cc 2e a7 c5 b4 d2 8f fa 55 d9 50 8e 47 e3 51 39 1e 8a 4e 34 9b 5d d9 7c b6 84 70 aa 97 87 7d c5 9f 43 2c a7 a7 e5 b2 3e 9d 2c 2e 37 fb d5 c1 66 a9 6c f6 9b fd a3 d5 c5 8a ca a2 b1 24 b4 a5 0a 40 1b ce 56 f3 55 29 1b 3a 8c 2e 9a ba fc 78 3c 6c f6 e7 fe 85 30 e0 3e 3d ed 1e 7a c5 74 72 bc 38 6f 76 64 50 a6 93 19 f2 66 4b 38 9c cf 73 e4 cd 85 c8 3d cb 87 43 f9 6a 75 20 0f 57 e5 6e b3 fd dc 3f 95 fb 13 11 51 b3 59 3d f4 fa e5 91 68 46 ff f4 99 68 da ee be b7 d8 12 a5 d8 95 4b fe 37 05 ba ef dd fd 5c 3f 1e ea de 7f fe c7 dd 3d 41 d5 eb 35 87 c5 e1 7c 20 cf ff 47 bd fd 54 9f 37 cb b2 f7 d7 fa a9 be bb ef 95 cd a6 dc 92 17 7f 25 ef 7b 3f 13 2a e4 99 26 c6 a1 ef fe 44 09 92 a9 b3 3d 34 bd 7f db 1d fe be b9 03 24 90 27 3f 7f de 2d 0e db 3b 89 16 02 ba 5d db 1d f6 87 d3 b1 5c 12 75 3a ad e8 1f 44 a5 1f 9f b6 25 99 8f bb 7a bf 25 5c 93 87 e5 92 fc 4b 14 e4 74 d8 96 27 c1 d5 8f 9b 45 dd 94 e7 cd 61 df fb 89 80 51 72 7f 39 3c 35 1b 32 63 ff 5a 3f df 31 38 8e f9 fb 6f 7e ff e6 9b 3f de 7f f3 f0 50 ae e8 44 27 3f 16 f5 ea d0 d4 6c 4e 2e 0e 97 fe 69 f3 1b d3 9d c5 a1 21 33 be 4f 1e 31 98 f5 79 b7 65 6d 00 c3 0f 40 3e b4 37 44 fc 75 7f 5d 73 95 ca 06 19 d7 b1 e7 7a f1 71 73 26 b3 e9 72 a6 c8 eb 7e 59 fd fd e9 44 5b 0c 87 6f 8c 16 e5 b1 bf 26 c0 4c 27 fb 4b 2a aa 87 1e b1 27 7b c2 79 53 ef cf 8c 8f b2 21 63 b6 ad ef bf 29 4f 9b 8a fc b3 da 3c 2e cb 23 ed 3a fb fd d4 d0 67 c4 c6 d0 be ad eb b2 62 ff 3e 36 87 a7 e3 fd 37 bb 72 43 5a ed cb 4f f7 df 90 39 c6 c4 45 7b 54 6d 4e c7 2d 9d b3 c4 6c 2d 3f 32 2a 8b 43 f5 99 bd 23 d3 f3 71 b3 17 1a 6f 74 dd d2 b
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:04:16 GMTAccept-Ranges: bytesETag: "8cd74fdc559eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:08 GMTContent-Length: 16138Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 3e 5a 37 79 da b4 75 31 6d 3f 3a dc 6a f2 f2 7c 7c 95 4f 56 d9 f4 ed c9 7c bd 7c 9b cd 2e 7f ff 55 55 b7 d9 ef bf 2e 3e db f8 ed cf fc cc f7 be 7f 67 bc 5a 37 f3 ad ef 7d 6f 7f ef e1 f7 47 bf f8 fe bd 47 5b 4f f3 d1 2c 1f bd c9 ef 7c 76 f4 8b a7 d5 b2 69 d3 55 fe d9 47 eb e5 2c 3f 2f 96 f9 ec a3 df f5 b3 f6 7a 95 57 e7 e9 45 59 4d b2 f2 cd bc 68 7e e1 2f 74 bf 8f 8e e3 ad af 8a e5 ac ba fa 85 bf 50 7e 8e be 1d 6f 05 84 7f e1 2f 8c 7d f3 dd aa 7e 9b d7 9f 73 3f af a7 d5 2a ff 85 bf 10 8d d3 82 30 cc 96 d3 0d 4d 46 27 f9 67 ab fc 67 7e 26 06 55 f0 36 f8 ff cc cf 1c 53 bb 6f e7 a3 45 fe d9 f9 7a 39 6d 8b 6a b9 f5 bb 8d c6 e3 f1 32 bf f3 8b 8b f3 ad 45 3e 6e eb 6c d9 94 59 4b 1f 08 75 be f3 99 ff 29 35 a7 b6 87 bf db 67 df f9 de ce f7 e9 57 fa b9 fb fd 5f 52 e6 6d fa fa b3 8a be c5 a7 bf db b8 ce ae e8 97 3b 87 e7 55 bd 85 ef be f3 d9 ee e1 77 1e ff 6e e3 32 5f 5e b4 f3 c3 ef 7c f2 c9 9d d7 9f 7c b6 cc bf f7 9d ed dd ef 7f c2 ef 7d c7 bc f7 1d 7a af ce db 75 bd 4c 5f ff 92 43 83 66 8a 46 d4 df 9d 5f 2c df 7d f4 e8 a3 cf 3e 23 08 e3 e9 3c ab 8f db ad 9d 3b bf c7 ef 36 6e d6 93 86 18 67 79 b1 65 5e d3 77 0c 1e af 3f db 1d 01 97 d7 0e 97 d7 9f 7c 32 02 3e 34 fa 8f 7e df df 57 80 02 07 fa ec 30 2f 89 15 f1 05 77 f6 bb 7d ef f5 f7 ef 48 ef e9 eb c3 76 5e 57 57 e9 32 bf 4a 4f eb 9a c0 ff 01 5f 2d db bc 5e 14 4b 22 d2 2c fd dd ca 6a 9a 95 c5 0f f2 74 91 b7 d9 2c 6b b3 74 42 1f bd a5 e9 4c 3f fa dd 7e f1 32 ff 25 1f 8d ff 80 3b bf 44 d0 fb 64 f7 ce a3 df ed 97 9c e4 63 fb 16 91 9c 38 74 eb fe c1 bd 3b bf 64 44 ff 3e da 02 b7 fe ae 76 54 34 24 99 9c e5 67 f9 78 95 d7 34 be 05 98 c4 91 ab d8 7a 7e e7 17 2f 7f e1 2f 5c 8e 17 59 fd d6 fc a4 0f 7f 89 6d 52 6f 3d 1f ad 4c a3 3c 6b d6 35 31 94 fd 95 bf fc 25 c5 d6 47 3f 55 2d f3 8f ee 1c 4a 7f 53 ea ef f7 ff fd f1 d1 ef df 5c 2f 26 55 f9 fb af 6a e2 b9 77 c4 7d bf ff ef ff 03 ef e3 df ff 23 87 cb 9a ba d5 69 4b a7 9f 3c ff 25 02 ea fc b3 df 75 87 a8 9a 7f 6f bd f5 11 e1 3f cd 9f ae 57 65 31 25 f2 01 fc c9 3c 9f be fd e8 ce f7 0f 89 fc f9 18 9f 30 83 9e 53 47 06 ae e3 72 69 40 88 99 ce ef 74 67 87 47 91 66 65 9d 67 b3 eb b4 ac b2 59 3e 1b d3 a8 14 2b 01 c0 6c fc fb 7f b6 c5 c4 9e 96 59 d3 a4 cf 85 ce f5 7a da 12 94 76 54 dd f9 c5 2d 29 81 f1 ef bf ca ea 7c d9 7e d6 8e e4 cf 65 46 22 55 fd 1e d5 18 bf 10 8e eb 25 7e 99 11 e3 3c ae ab aa 3d fa 48 db ad 6a 12 db ba 2d f2 e6 b3 ea 17 fe c
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:04:18 GMTAccept-Ranges: bytesETag: "43d6cdd559eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:08 GMTContent-Length: 191Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 b6 ce d7 cb 69 5b 54 cb 74 eb 4e fa 8b 93 34 bd 2a 96 b3 ea ea 7b 1f 9f 17 65 be cc 16 f9 c7 df 4f 3f 4b 3f fe af fe fe bf ee bf f8 e3 ff 92 ff ec ef fa 53 ff cb bf e7 1f fc c1 38 7f 97 7f 7c 98 fc 92 3b 5b 77 0e 93 ff 07 93 76 f2 e0 41 00 00 00 Data Ascii: `I%&/m{JJt`$@iG#)eVe]f@{{;N'?\fdlJ!?~\|?"i[TtN4{eO?K?S8\|;[wvA
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:04:16 GMTAccept-Ranges: bytesETag: "f67065dc559eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:08 GMTContent-Length: 772Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 b6 b6 ee 7c 76 f4 8b 3f 5a 37 79 da b4 75 31 6d 3f 3a bc cc ea 34 1f 15 9f fd e2 5f 32 fa fd e9 9f c3 f3 f5 72 da 16 d5 32 5d 6e e5 77 7e 31 be ad 3e fb fd bf 97 7f ff b0 38 df ba ac 8a 59 ba f3 bb 7e f6 59 75 a7 ce db 75 bd 4c ab 71 fe 6e 55 d5 6d c3 70 6a 6e f9 d9 2f d6 cf 1e fd e2 5f f2 4b 0e b5 61 41 5f 8c a7 59 59 6e d5 e6 95 51 3d 72 bf 2f ef b8 3f 7e c9 72 bc f8 ac 18 e5 9f 7d ef fb a3 e5 f8 cb cf b6 2a 6a ba 1e 95 c0 9d b0 f8 5d 6b c1 ab f9 6c f7 ee ce e1 79 55 6f 65 9f ed 1c 66 8f f3 71 99 2f 2f da f9 61 f6 c9 27 77 7e 31 3e a7 56 df e3 37 bf ff 59 fe bd ec fb a3 e9 67 bf eb ce e8 9c 1a 9f 3f ae 4d e3 73 6a bc f5 bb ee fe c2 f2 67 7e a6 39 fa ac bc f3 0b 7f e1 97 93 9f ce a7 ed f8 6d 7e dd 6c 51 f7 77 c6 f9 65 5e 5f 6f cd 3f 3b a2 bf be 37 ff fe 56 fd bd f3 ef df b9 f3 7b d4 e3 66 55 16 d3 7c eb 7c 7b 7b b4 7b e7 d1 16 81 df 1d 95 8f 9b 5f f8 0b b7 1a 82 74 07 24 9b de f9 c5 b9 69 97 71 3b a6 54 fb d9 7a 8b 7e 33 f4 6c e9 95 ea b3 f6 ce 2f f9 25 4a ae ea 97 94 9f 11 46 84 a9 0c 23 cd 3e 73 c3 3b da f9 85 bf 90 c6 b3 bd fb fd ef ed 7d ff a8 3c 24 b8 77 e8 6f 1e 24 7d 78 48 3f be ff 99 0e fc 97 10 05 ab cf b6 f2 51 45 d4 d3 91 ad ea aa ad da eb 55 3e 9e 67 cd 97 57 cb 97 75 b5 ca eb f6 5a e6 07 4d 47 c2 28 e8 38 ff ec 17 7f fa e9 a7 8f 76 7e c9 21 8d 7e fc d3 9f ad 3f 3b da f9 ec 33 ea 6a fd 7d 1e 09 01 a7 7e 4c eb f3 51 3b fa 5e 36 6a 46 d3 ef 7f 56 8e 2e 89 d4 44 83 6c dc 54 8b 7c 6b 46 6f d2 58 f3 ef cd 88 7a 3c 3f e7 69 b1 4c 9b 3b 84 e1 56 33 3a 27 d2 13 bd 17 df 3b ff fe 67 0d fd a3 e4 03 d4 d5 67 d3 ad e5 9d 5f 82 57 d6 bf f0 17 ae b7 4a 22 dd e3 cc d0 e3 92 66 10 20 f2 51 fb 59 f6 bd cb ef 13 9c fc 7b ed f7 e5 df ef ed 7c 7f eb ce 88 28 42 5f 7c 9f d0 51 fa d2 58 b6 56 77 7e c9 a8 fe ac c9 cb f3 f1 55 3e 59 65 d3 b7 27 f3 f5 f2 6d 36 bb fc fd c1 86 d9 ef bf 2e 36 7f fb 33 3f f3 bd ef 1f d6 63 42 eb 34 9b ce b7 aa f1 a4 58 ce b6 96 eb b2 1c ed dc 01 3f af d6 cd fc 33 ff 63 f9 48 3e a8 ef dc f9 25 77 b6 f8 ff 87 ff 0f ce dd db ee 98 03 00 00 Data Ascii: `I%&/m{JJt`$@iG#)eVe]f@{{;N'?\fdlJ!?~\|?"\|v?Z7yu1m?:4_2r2]nw~1>8Y~YuuLqnUmpjn/_KaA_YYnQ=r/?~r}j]klyUoefq//a'w~1>V7Yg?Msjg~9m~lQwe^_o
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:05:16 GMTAccept-Ranges: bytesETag: "03eb0ff559eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:08 GMTContent-Length: 120092Data Raw: 1f 8b 08 00 00 00 00 00 04 00 d4 bd 79 77 db 46 b2 28 fe 7f 3e 05 e4 e4 5d 80 91 48 91 b2 e5 45 b2 ad e3 d8 ce 8d ef 2f 76 72 63 cf f6 28 25 07 22 9b 12 62 0a e0 00 a0 6c 8d ed ef fe eb aa ea a5 7a 01 48 3b b9 ef cd d3 9c 89 09 a0 f7 ae ae ae bd f6 bf dd 49 5e be 78 93 fc 58 cc 44 d9 88 79 f2 ed 7e b2 93 2d d6 e5 ac 2d aa 32 c9 da 41 f2 e1 ab 24 49 d7 8d 48 9a b6 2e 66 6d 7a 2c 9f af f3 3a 11 c9 a3 a4 1d cd ab d9 fa 4a 94 ed 9e 7c 9b 24 a5 7c f7 21 b9 aa e6 eb a5 68 8e 92 0f 9f f6 64 ad bc 5d ab df 6d 71 25 aa 75 7b 94 4c c6 7b 89 b8 96 d5 e0 7d f2 89 2a d7 b2 b2 ed 99 3a 86 bf f6 b2 68 46 d7 f2 63 7a 30 ba 3b ba 8f 03 48 74 a5 0a 47 f1 e3 93 7f fc e5 c5 6f ff f9 e3 4f df 3d f9 31 f9 f8 11 3a c3 af b9 fc 9a c5 da 84 09 b4 f2 a3 18 cd d6 75 2d 07 f2 7a 56 17 ab 56 7d 4d 92 13 ff cb a8 a9 67 e6 eb 51 bc 51 fa 5b 54 75 92 61 fb 7b b8 1e 62 d4 60 0b cd 1e ce b0 1c 2d 45 79 d1 5e 26 c3 64 b2 87 c3 af 8f e5 3f 8f 93 b1 fc 67 38 1c 38 6d 25 49 b1 48 b2 b4 28 5b 51 e7 b2 bf 6b 91 26 8f 1e c9 46 a6 d5 d9 a8 16 f9 fc e6 b5 5c 5e e1 0f 01 57 2d 51 c5 e4 c0 8f 83 af e7 b2 f2 5b ff f5 27 e7 b9 16 ed ba 2e 65 3b 72 3d cb 69 1d 34 f4 69 90 0d f4 b3 2a 9b 95 a3 79 01 93 ac f0 5f 59 51 ae db fa 1c 00 a7 bc c8 e4 9e b7 a3 65 de b4 2f ca b9 78 ff d3 22 4b f7 d3 41 b2 9b 4c 06 aa 1d 68 91 f6 ad 70 40 41 c8 85 b4 53 cc 60 51 4b 68 3c 5d 56 17 a9 aa 81 53 1e cd aa b2 a9 96 22 f9 8f ff 48 d4 cf 69 79 e6 3e 65 e9 32 bf 59 17 89 a8 6b b9 51 97 05 c0 60 2a 47 21 06 0e 5c ad 01 de d6 72 a0 8b a2 14 f3 34 d9 91 60 76 b3 12 d5 22 a9 56 72 2f a0 cd 74 5a 9d ff 2e 66 6d f2 13 bc 39 a3 9d c1 af a3 b6 7a 4d 73 56 a3 5b 02 1c 96 a3 f3 75 b1 6c 0b 3c 24 6a d0 72 2c b2 7b f9 df 74 cf be 11 35 bd 13 35 7f 3b 97 1b 4d ef e1 17 ff b2 ca 2f d4 17 f8 c5 bf b4 ab 25 7d 90 3f 9c 1e e6 45 ab fa 90 bf cc 17 09 ba 57 f2 35 fc 63 de ad 57 cb 2a 9f cb b7 f4 c3 bc 9f d7 d5 6a 5e bd 2b e5 17 fd d3 7c 6b eb bc 6c 16 38 0d fd 93 7d 13 02 df 0b 3b d2 36 3f 5f e2 4b f8 d7 bc 15 4b 71 85 28 22 55 bf cc 97 9a 96 a2 e6 eb 30 ab 96 55 bd 2a 66 6f b1 5b f6 64 4a 34 cb 62 8e 1f e9 87 ad 99 d7 95 c4 6f b0 52 fa a7 5d 91 65 f5 0e 56 44 fe 63 57 a4 2d a0 2c fc c3 7a 9f 0b ec 76 6e 47 f4 fb 3f d7 a2 86 ed a5 1f e6 7d be 84 ea f2 bf e6 0d 81 e4 08 5e 1d f1 07 75 2a 00 30 b3 7a b4 aa ab b6 02 20 1c cd f2 d9 25 a0 df 52 81 97 f3 91 40 d6 39 40 12 13 09 17 f7 c1 21 05 bc 6a 0f 0f 60 a2 54 57 01 58 d6 f0 de da 32 79 07 86 e6 18 b5 ab 57 75 78 71 72 d3 f6 0c 10 e3 60 0f 0e 05 5d 10 f4 6a 67 3c 70 50 0c 7f d0 38 c6 69 2f 3a 62 38 ff 1e 6a 13 0c 61 d7 12 ed 46 31 26 7d d9 0b 3e 00 ce 91 6b be 5c 9e e7 b3 b7 12 13 f6 ac 02 ef b1 1d 84 78 57 6f a7 fb c6 ed 12 f6 85 bd 60 e5 3f 79 f8 b6 02 34 94 65 78 13 c3 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:05:17 GMTAccept-Ranges: bytesETag: "45ac30569eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:09 GMTContent-Length: 678Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 e6 ed a2 4c 7f bc cc ae d7 c5 b4 69 b6 9b b7 c5 72 5a cd 72 fa 3d fd c5 49 9a ce 8a 66 45 5f 3e 4a 97 d5 32 3f a4 0f 56 55 53 b4 45 b5 7c 94 66 93 a6 2a d7 2d 7f 7a 55 cc da f9 a3 74 f7 e1 c1 c3 d5 bb c3 e4 97 24 c9 98 de 5a 17 db 80 b5 3d bf 37 0a fe be 2c f2 2b 86 ee 80 d5 79 99 b5 c5 25 03 3b af 96 ed 76 53 fc 20 27 80 7b 11 70 f6 75 8b dc a4 ac a6 6f f1 ea 22 ab 2f 0a 02 b7 bb b3 7a 97 ee e0 93 55 36 9b 15 cb 8b 47 f2 d7 a4 aa 67 79 4d df d3 d7 84 7d 31 4b 7f 3c cf b9 53 f9 66 bb cc cf db 6d 1d cd a7 e8 9b be c9 a6 6f 2f ea 6a bd 9c 51 f7 65 45 6f ff f8 79 86 ff f0 a5 f9 e4 de bd 7b f8 93 51 3f cf 16 45 49 58 9d 54 eb ba c8 eb f4 45 7e d5 1b c3 fc 1e 8f c0 61 97 02 65 80 98 e7 c5 c5 bc 7d 94 ee eb df 65 b1 a4 e6 9d 0f 15 db 49 d5 b6 d5 a2 3f 9c 7e 67 99 74 67 e9 ed 4f 5e 2d b0 0d 02 6d b5 22 7c f0 9b 19 dc c3 87 0f 7b 30 79 12 fc 0f aa b2 d3 85 3f a5 d5 65 5e 9f 97 d5 15 75 bc 6e ab 5b 01 2b 8b 0d f0 64 9e 79 b6 88 28 f7 05 f1 80 52 7b 3a 9a 08 85 95 78 f2 b2 4f ba 3d fc 87 16 65 d1 10 07 b6 d7 65 be dd 5e af 88 0f 49 20 8a 45 56 d2 3b 19 a0 6d ff 20 af 69 14 69 fa ad a1 96 f8 32 c6 38 e7 e7 b7 1c fc a3 f3 a2 26 d0 d3 79 51 ce 84 10 32 90 6d 9e 1e 19 ca ed 00 95 59 14 8e e5 9d 41 50 ab 3a e7 37 84 d8 44 c1 5e b3 65 d5 e6 04 8f 5b 09 55 09 9e 23 e8 ce 14 ff 31 29 f8 4b 22 1f 49 97 a1 c5 bd 73 fc c7 df f6 09 85 17 e5 55 f3 c9 74 6f 92 3f a4 c9 1f 40 c1 ff 8c f8 dd 61 64 07 2a 1a ec 16 af 33 d9 04 42 1f 31 e0 ac 58 0b 78 8c 69 00 f8 2c 5f 54 3e 64 86 79 59 34 c5 a4 28 8b 96 34 04 ff 5e e6 e9 ef 5a 2c 56 55 dd 66 cb 16 80 0d bd b7 77 95 b1 b5 27 9e 79 e9 c8 7e a6 b2 db f9 74 e3 90 7d ac da 6c 42 1f 2e db 7c d9 32 72 44 0a 30 07 cd e2 60 d7 bf 24 f9 7f 00 d9 88 60 4e 33 06 00 00 Data Ascii: `I%&/m{JJt`$@iG#)eVe]f@{{;N'?\fdlJ!?~\|?"LirZr=IfE_>J2?VUSE\|f-zUt$Z=7,+y%;vS '{puo"/zU6GgyM}1K<Sfmo/jQeEoy{Q?EIXTE~ae}eI?~gtgO^-m"\|{0y?e^un[+dy(R{:xO=ee^I EV;m ii28&yQ2mYAP:7D^e[U#1)K"IsUto?@ad*3B1Xxi,_T>dyY4(4^Z,VUfw'y~t}lB.
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:05:18 GMTAccept-Ranges: bytesETag: "526b211569eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:09 GMTContent-Length: 4173Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 c6 65 76 bd 2e b6 e9 df bc de 2e 16 17 93 ac 1e 25 dd 0f db a2 4d b3 ce c7 6d 36 49 c3 0f 8a b6 cc d3 66 95 2d bb 2d f9 8b 5f 9c a4 69 9b bf 6b b7 ab cb bc 3e 2f ab ab 47 69 5e 96 c5 aa 29 9a 43 fa ea 6a 5e b4 f9 36 bd 3d cd 1f a5 cb ea aa ce 56 87 c9 2f 49 92 79 bb 28 d3 1f 27 40 eb 62 da 34 02 91 61 cd 8a 66 45 7f a1 f1 32 07 84 55 d5 14 6d 51 2d 1f a5 d9 a4 a9 ca 75 cb 9f 5e 15 b3 76 fe 28 dd 7d 78 f0 70 f5 8e 21 fa b8 75 30 6d e6 d9 4c 30 75 c0 ce 8b 77 f9 0c 90 7e 7f f7 99 df c1 aa 2a 96 2d bd 9b 5f e6 cb b6 a1 ef d6 6d d5 eb c7 83 dc 56 ab 47 e9 0e de 2c f3 f3 56 7f 35 58 ee ec fc ee f8 73 9e 17 17 73 fa ce fc fd fb 9b 0f f2 77 ab 3a 6f 1a 42 62 6b 56 4d d7 0b ea 72 3c a9 66 d7 e3 ea fc bc c9 5b 69 96 7e 92 7e bc 7a f7 f1 9d 1e 16 dc ff f6 55 3e 79 5b b8 69 d8 6e a6 75 45 13 b1 bc 78 44 b8 ad a7 73 74 c8 48 ee de df 01 c9 02 44 17 59 7d 51 10 05 f8 8f 55 36 9b f1 7b fc d7 24 9b be bd a8 ab f5 72 b6 3d ad ca aa 7e 94 fe f8 f9 f9 39 be 31 5d fa 2d 68 e6 1f a5 d3 8a 48 b7 6c d1 66 52 d5 33 a2 53 9d cd 8a 35 51 71 4f 7a 9e 54 ef 98 74 e0 96 dd d5 3b fe 3f b0 4a 6b 62 d4 ad 9d 51 aa ff 1b df eb 8f 96 fa a8 1a a1 79 6c e6 7a ad 05 97 4e fb 3a 2f b3 b6 b8 8c b4 17 84 b9 b9 fc 2a 18 12 f8 62 96 fe f8 64 0f ff c9 10 ba 5f 76 71 df 25 dc d1 2e 32 54 fa 7f b7 f5 1e b5 ee e2 52 56 d9 4c 30 b1 14 7e 94 ae eb 72 0b 5f d0 0c 6d ef 8e 2f 8a f3 3b e9 94 06 48 38 eb 8f 65 b5 5d e7 ab 3c 6b d3 1f cf f3 c8 08 8b 69 15 05 4a 9f 2f c7 ab e5 c5 1d 07 a1 ff f2 a4 5d a6 5d 95 31 2b b2 b2 ba 08 b5 06 01 eb b4 22 3e be 2a e8 65 ee db 4a 79 b1 24 16 cd b7 27 65 35 7d 0b 72 7d ab f3 0d 7f f6 83 aa 5a 10 f5 f0 3b 71 77 5b 4c b3 72 3b 2b 8b 0b 9a 48 e2 e8 3e 92 0b 12 82 b0 9b be 32 b1 f2 ff 2d f7 99 e3 a2 40 38 a8 0f fd ed 06 79 9e ae eb 06 02 82 fe f1 77 45 6a af 68 a9 7b 7e f9 bc 28 69 7a a8 97 72 35 cf b6 f4 bb cf 76 68 de fd b9 20 86 0d 84 ec 07 db c5 72 96 bf 23 d1 d9 dd 7f b0 7f 70 ef d3 fd 07 fd 01 93 f2 28 7e 20 43 8e 8f c6 20 4e 9c 87 3f 2d e2 fa 77 2d 7f 32 9a 93 aa 6d 41 6e fe c3 8c a8 c9 b5 0f db 37 f5 9a 2d 8b 05 f7 69 14 01 3e 20 b1 aa 96 db 34 d6 92 a6 61 46 4a 9f e0 b1 ee d9 f8 65 1f c2 6c 5d f3 2f 84 c8 f8 1e 9b 92 e1 ef 08 a5 df d3 40 78 9b 5f 9f d7 d9 22 6f 52 41 72 42 44 9d e6 67 4b 42 94 60 ec fc ee f4 33 a5 47 c9 4f 10 00 da 21 d0 d6 d9 b2 39 af 6a 22 40 43 6c 96 6f ed 8c ef f3 0c 11 1b 0c 7d 45 dd a7 cc 03 5d d8 cc b1 1b 60 8b 86 88
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:05:17 GMTAccept-Ranges: bytesETag: "d64cd90569eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:09 GMTContent-Length: 2345Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 c6 65 76 3d cb da 7c bb c9 db ed eb c5 28 c1 07 eb 62 9b fe c5 c7 dd bf d3 6f 75 3f d9 2e 8b a6 4d 7f 71 92 a6 93 ea dd 76 53 fc a0 58 5e 3c a2 df eb 59 5e 6f d3 47 87 c9 2f 49 92 79 bb 28 d3 1f a7 37 d6 c5 b4 69 cc ab fc d6 ac 68 56 f4 f7 a3 74 59 2d f3 43 fa 60 55 35 45 5b 54 cb 47 69 36 69 aa 72 dd f2 a7 57 c5 ac 9d 3f 4a 77 1f 1e 3c 5c 09 cc 10 8d f4 5b 0c 6d 91 d5 17 05 bd ba 83 77 56 d9 6c c6 d8 d0 5f fd 17 d0 3c de d7 0f b6 8b e5 2c 7f f7 28 fd 54 1f 7c 68 20 df 5f bd 03 3c 0c 97 87 58 67 b3 62 dd 3c 4a f7 80 56 9a 9e 57 cb 16 54 c8 09 d7 7d f9 68 fb 2a 9f bc 2d da ed 6c 59 2c 32 f4 b6 3d 5b d7 fc 0b 61 36 de 6b d0 66 d3 77 fd f7 cf 8b b2 dc 5e 54 33 ea 64 52 b5 73 34 ba e5 97 cb 6c 41 9f 2b 09 b6 67 d5 d5 72 52 b4 11 ea 6c 2f b2 62 c9 24 52 c2 ef 3d e0 01 f6 1b 4e 69 c0 f9 b2 4d db 59 8f 33 e6 79 46 14 1a 62 99 b2 60 f8 6d 9d 2d 65 12 82 a1 df 0b 86 be a1 11 61 f4 7b be cd af cf 6b 1a 59 d3 1d 19 f5 40 50 76 7e 77 fa 99 d2 53 ad b2 69 d1 12 af d1 ab 00 af bd 9f 57 f5 e2 91 fc 5a d2 cb f7 66 5b 3b a3 74 9b 26 7a 94 ee dc 41 3b ea 23 4d 77 77 fa 70 76 f1 ed 26 28 f8 9f 82 20 20 1d 32 34 2d 8d 64 ca 30 1d 23 d6 39 bd 5d 5c 86 8c c8 0c 67 25 a5 58 96 c5 32 df 9e 94 d5 f4 2d be 30 ac c9 ad 0c c9 ec 9c 3b c9 ea 7d a4 28 31 32 d7 8b ed 66 5e 5d a5 f6 83 65 fe ae dd 56 85 c0 1f f4 5a ac ea fc 72 7b c1 f8 5b dc 00 38 fd 5d 8b c5 aa aa db 6c e9 58 8b 5f e8 41 e0 3e ae 6f ec e3 3a ec c3 1f ff 60 5f 6d b1 20 0a 07 b0 44 c5 a5 cd 2a 5b 7e 8f 3e db 6e af 57 f9 67 1f 2f 88 81 e7 1f 7f df 43 e2 d6 af 5e e7 59 bd e1 4d 6f aa 55 14 f4 d3 82 84 c6 7b ab 37 e8 78 6f 8a 68 48 8b 21 7a 53 2f f4 2f 43 d3 be f1 5a 9c cd 98 9a f3 bc b8 98 b7 8f d2 7b 3b 90 73 6a 6a 94 e7 2e 7d 90 3e c0 3f 24 11 1b e0 8b 02 b6 88 f9 93 04 78 97 79 4d cc 9e 95 db 59 59 5c 10 02 a4 9b da 6a b1 01 9e a8 07 87 b1 af a1 db 6a 25 88 e1 0f 8b e9 4e ca 18 a6 e9 b4 2a ab fa 51 fa e3 0f 1f 3e c4 9f be 4e 3e d0 16 eb ba 41 93 55 55 90 fa aa 37 a1 81 8f f9 03 8f 15 cb fc 9c 48 b5 cb dd dd f6 4d 11 14 79 73 ff b6 6f 8a 80 f0 9b b5 cc cf ad 3b e5 57 a5 53 7d 35 e8 95 db 28 a3 a1 8d ea 79 68 39 10 a8 c5 db 3a 55 53 d2 ef a0 91 7e 5a d1 54 9e 97 d5 d5 a3 34 2f cb 62 d5 14 a4 85 49 27 da 4f e7 c5 6c 96 2f f1 d9 d5 bc 40 27 a4 2d 89 f4 cb ea aa ce 56 d1 fe a9 85 18 1b 6f 2a cd ec 0e cd 14 bf cf f2 06 a4 f8 6d d3 74 96 9f 67 eb b2 bd 41 2c 48 06 d9 70 e1 4d c7 65 be 5c 58 6c 0c 2e 64
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:05:16 GMTAccept-Ranges: bytesETag: "03eb0ff559eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:09 GMTContent-Length: 15097Data Raw: 1f 8b 08 00 00 00 00 00 04 00 d4 7d 6b 93 e3 38 8e e0 f7 fe 15 be e8 e8 a8 ca 9e 74 8d 2c 3f 33 2b ba 6f 1e b7 3b 33 7b bb 73 b7 3b 8f b8 b9 ee 8e 0d d9 96 d3 8a 92 2d af 24 57 66 f5 46 ff f7 23 29 52 22 41 00 a4 9c d5 7b bb 9d 53 39 29 89 04 49 10 04 40 10 00 df 95 d9 a7 6b 31 2d ce 65 71 ce ef bf 28 4e 4f 93 7f ff 62 32 d9 17 cd 45 7c 79 9c 74 1f a6 db b2 da 7d 78 2f 3e 7c cc eb b6 d8 65 e5 34 2b 8b a7 f3 e3 e4 54 ec f7 65 fe fe 8b 9f be f8 e2 38 bb ff e2 98 8a 7f 73 f1 6f 21 fe 2d c5 bf 95 02 77 a8 ce ed f4 39 2f 9e 8e ed e3 64 91 24 aa 7c 76 ff c5 b6 da 7f 52 05 76 55 59 d5 8f 93 2f e7 f3 b9 fa a6 bb 95 ef 9f 44 a7 f4 c3 31 cf f6 79 dd 3f 9a 2e eb c7 53 56 9c 15 a8 4b d5 14 6d 51 89 be d5 79 99 b5 c5 c7 dc 87 78 ac 55 d1 a3 ee 51 22 47 56 89 a1 1d ca ea f9 71 72 14 63 ca cf 76 2d f1 bb ba b6 53 d9 dd be c1 a6 d8 e7 ce c3 b4 d9 d5 55 59 2a c8 06 d8 f4 05 03 e7 0c 2b 2f 8b 4b df 23 ae 13 db f6 7c 8f 42 80 93 c7 cc 11 02 4a 4c 75 b6 2d f3 fd 00 6e 57 0d 5f af e7 26 2f f3 5d ab 00 4f 4f d5 8f d3 6b 93 d7 d3 ee e5 e3 e4 5c 9d 73 89 3c 31 b9 db 0f 45 4b 7c 3c 35 d8 07 d1 1d 45 56 ff 76 ad da bc a3 05 f1 fb da b6 b2 f9 bd e8 cf be f8 28 7e 95 e2 5f 7b ff c5 a1 aa 4f f7 04 8d 89 a1 9f 2f 57 51 a8 2c ee bf a8 44 05 81 d0 4b 2d 60 b6 02 4a 9b bf b4 59 9d 0b 6a 6b 8f f7 5f 5c bb f9 39 65 f5 53 71 d6 33 7f c9 f6 fb e2 fc a4 9f cc 50 da ec 32 3d 0a fa 28 25 8d 4c 35 81 d6 4f db ec 6d 72 3f d1 ff bb eb 08 f9 31 db 49 3a bb 17 7f 1d e5 0c 76 53 79 6d e5 b4 28 a8 a2 90 99 9c 6d 55 0b 2a b6 70 50 16 ea 7d 59 34 ed b4 69 3f 95 b9 f5 ad 95 33 63 55 93 dd 28 b3 4b 23 ca 98 bf de 0f 1f 9b 4b b6 33 e3 90 eb 11 59 83 4d f1 a3 a8 3b 4b 92 af 3a fc 6b 6c 6b f4 55 97 f6 a9 ae ae 17 f5 57 21 3f 74 33 36 20 71 80 74 c8 4e 45 a9 18 c4 31 af 8b f6 bd db 82 f7 b6 1b 18 7c 6d 58 82 f5 1e a0 4d 4c a3 6a f3 f9 58 b4 b9 1a a1 f8 24 5e 4e 9f eb ec f2 1e 7e 50 04 4a 7f a5 bf 54 ee 37 81 4f f5 f0 38 d9 8a 41 7f 98 ca 17 1d c2 0c c3 52 5c d1 f0 8f d9 bb d5 fb 81 89 01 1a 79 b7 59 de 99 01 8b a2 8b cb cb e4 f7 79 f9 31 97 4b 74 f2 c7 fc 9a df 0f cf f7 93 ff 2d 26 f0 ef b3 f3 d3 e4 4f bf bd 9f fc 39 3b 56 27 f1 f2 d7 75 91 95 f7 93 26 3b 37 62 0d d5 c5 a1 9b df da ef 89 a2 60 43 dc b3 44 b4 85 50 b8 4d 82 93 ff 56 9c 2e 55 dd 66 e7 d6 a2 a4 6d 25 e8 e2 24 20 08 00 4d 55 16 fb c9 97 79 0e cb ee ca 3c 13 50 44 d9 a3 aa 9a ed 3e 48 ea 39 ef 45 33 7a f6 3a 7a 91 c4 33 dd e7 bb aa ce 3a c6 dc d3 b7 bd 5e 8c 08 58 af d7 ba ee 4e cc 90 45 ba 66 6d d4 a7 ac 94 0d 7e bd bb d6 8d ac 72 a9 8a 73 9b d7 0e 83 33 e3 78 b9 f7 5f 4d be d6 4b ea 45 52 ab c2 cb f0 d1 85 62 57 c7 ea 09 56 d9 e6 67 29 19 9c 8a 0a 35 dd a8 5c 24 7d fd 63 a5 f0 ea 15 7e 7c cc 0e 6d 8f 09 05 f4 71 f2 e6 fb 34 79 f3 9e 83 62 4
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Sat, 04 May 2024 19:04:17 GMTAccept-Ranges: bytesETag: "808e85dc559eda1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 26 May 2024 22:21:10 GMTContent-Length: 24726Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ec bd 6b 8f e3 ba 92 20 f8 7d 7e 85 bb 2f 0e 50 79 8f ad b6 d3 f9 b4 d1 8d 9e 99 4f 0d cc 62 80 e9 fe b2 b8 38 1f 64 5b ce 54 97 6c 79 65 b9 2a eb 18 75 7f fb f2 29 91 e2 2b f8 90 b3 76 d1 e7 e2 66 d9 b2 18 2f 06 23 82 64 30 98 6d 77 5f 67 f5 b7 a2 a9 f2 1f b3 6d 7d 6c f3 f2 58 34 53 f2 f8 ad aa 37 79 d5 fd fa bd c9 4f a7 a2 b9 9e ea f2 d8 16 cd ac f8 56 1c db f3 ea 58 1f 8b 75 5b 9f 56 f3 75 55 ec 5b f4 cf 7b 51 be bd b7 ab c5 7c fe db fa 7b b9 6b df c9 c7 9f 7a 54 08 dc b9 6c cb fa b8 da 97 1f c5 6e fd e7 ac 3c ee 8a 0f dc 64 6e 68 b2 2a 0e a7 f6 c7 75 57 9e 4f e8 39 21 e0 a7 8d 60 fe e2 be 2a 3e d6 1d ba 7c 73 ae ab 4b 5b 58 30 9e f2 63 71 55 1b 0c 04 90 5f da 7a bd a9 3f 66 e7 f2 cf f2 f8 b6 da d4 cd 0e fd 8a 9e 48 a0 d7 12 19 87 fc 63 d6 cb 86 7c 15 c4 26 93 b1 c9 b7 5f 77 4d 7d d2 90 42 e5 be a9 db b6 3e f4 1d d0 10 40 73 19 bd 8e ea d9 f7 62 f3 b5 6c 67 6d 7e 9a bd a3 46 15 6e 88 04 5d d5 cd aa 6d f2 e3 f9 94 37 e8 ed 35 f9 4c 51 d7 a7 7c 5b b6 3f 26 d9 c3 79 b2 bd 6c ca ed 6c 53 fc 59 16 cd 97 ec fe 71 9a bd 4c f1 3f 8b bb 35 7b 6d 35 d7 b3 a2 7d 38 3b bf d7 df 91 04 af bc f1 82 36 c6 94 91 de 6f f2 73 3b cb b7 6d f9 ad 98 44 80 cd 9e 64 a2 76 79 f3 b5 17 32 fe f0 d6 d4 97 e3 6e d5 bc 6d f2 2f f3 29 fe 5f b6 bc bf 93 5b 09 f2 e9 1a 4f 9d 6f c0 28 54 35 ff 58 6c db 62 37 e3 1a 80 b4 0b 11 88 9a 60 35 bb da 75 5a 56 3c fc 67 b6 2b 1b 04 0f b7 40 7d 7d 39 1c d7 87 f2 c8 d5 f1 f4 41 be 71 6d 3c 7d 48 63 eb bc 6d ea aa da 54 f5 f6 eb 70 e4 0a ea 8c 09 df 57 f5 f7 d9 8f 15 6d f0 33 3b 6e ac 20 ce 6d de 96 5b 06 83 e8 26 87 b1 7a 2f 77 bb e2 f8 f3 9f fe fa 0f ff ed af 93 7f ad ca 6d 71 3c 17 e8 e3 ff ac 4f 3f 88 a6 4f fe fb d7 6f 45 9d 4d fe 7b 55 4d fe 0f 7e 70 9e fc 9f e2 5c 34 df 8a 5d 86 de fb 5f b4 c5 6e 82 24 56 34 93 f6 bd 98 fc 5f ff f6 1f fc 71 36 f9 f7 a2 e8 be b4 1f ed a4 3c 92 77 4e 4d fd 9f 48 48 93 a6 ae db c9 be 6e 26 0c 33 fa 1d 7d 3b e4 98 6c 04 fe 9f de db 43 75 d5 0e ff 9f 7f 9d fe 75 b5 29 d0 db 05 fa 90 ef d1 e8 13 5f 2c 8f ef 45 53 b6 3f 31 80 e9 a6 de fd b8 1e f2 e6 ad 3c a2 81 7b ca 77 b8 73 91 1e 10 e8 15 b2 7a 5d 87 64 8b c7 7e dc 16 1f 2d 06 57 cc f2 dd 7f 5e ce cc 78 48 b0 7e be 2f ae 7b 34 76 c8 6b ab fb e2 b0 66 bf 64 4f cf c5 61 82 7e 97 88 c2 c3 8c e8 2b b2 5e 0c e3 bc ef 8a 6f e5 b9 dc 54 c5 cf 53 53 50 a0 fb fc 50 56 3f 56 87 fa 58 23 4d df 16 d3 ee d3 ba 47 ba 28 0e 3f 73 61 5c a9 06 e6 67 be d9 34 7f 6b cb b6 2a fe b8 76 02 24 46 8d ba 17 cc e7 ae d8 d6 0d 11 fb 8a f4 24 96 8a 2c 09 dd 1b 93 1d 82 83 b4 d3 f5 c2 cf cd f4 dc 36 35 1a 84 84 f0 ef 94 f7 4d 5d a1 d7 7e 6e eb 5d 31 fd ba d9 4d cf f9 e1 e4 c9 f9 f9 90 57 95 d0 05 2f a8 87 ce 17 84 ed 72 12 9e 3e 3f fe b6 16 bb 79 de 3b aa

Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: www.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: http://teleglsam.fitSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: http://teleglsam.fit/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?token=ad76fbd92e6bbb HTTP/1.1Host: ipinfo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: http://teleglsam.fitSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: http://teleglsam.fit/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: www.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/css/font-awesome.min.css HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/css/bootstrap.min.css HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/jquery-3.5.1.min.js HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/layui-v2.6.8/layui/layui.js HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/download/filename.js HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /runtime.d0a0d8313f8d1e00.js HTTP/1.1Host: teleglsam.fitConnection: keep-aliveOrigin: http://teleglsam.fitUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /polyfills.9225875df2b05e64.js HTTP/1.1Host: teleglsam.fitConnection: keep-aliveOrigin: http://teleglsam.fitUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /main.33015c0d456461f7.js HTTP/1.1Host: teleglsam.fitConnection: keep-aliveOrigin: http://teleglsam.fitUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/layui-v2.6.8/layui/css/layui.css HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/layui-v2.6.8/layui/css/modules/laydate/default/laydate.css?v=5.3.1 HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/layui-v2.6.8/layui/css/modules/layer/default/layer.css?v=3.5.1 HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/layui-v2.6.8/layui/css/modules/code.css?v=2 HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/datas/countries/phoneCode.json HTTP/1.1Host: teleglsam.fitConnection: keep-aliveAccept: application/json, text/plain, /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/images/logo.jpg HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /styles.e2974b719a0acf9b.css HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://teleglsam.fit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/datas/countries/phoneCode.json HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/images/logo.jpg HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: teleglsam.fitConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: teleglsam.fit
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: www.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: ipinfo.io

Source: sets.json.0.dr	String found in binary or memory: https://abczdrowie.pl
Source: sets.json.0.dr	String found in binary or memory: https://alice.tw
Source: sets.json.0.dr	String found in binary or memory: https://autobild.de
Source: sets.json.0.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.0.dr	String found in binary or memory: https://bild.de
Source: sets.json.0.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.0.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.0.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.0.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.0.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.0.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.0.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.0.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.0.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.0.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.0.dr	String found in binary or memory: https://cardsayings.net
Source: sets.json.0.dr	String found in binary or memory: https://chennien.com
Source: sets.json.0.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.0.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.0.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://cmxd.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.0.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.0.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.0.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.0.dr	String found in binary or memory: https://dewarmsteweek.be
Source: sets.json.0.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.0.dr	String found in binary or memory: https://een.be
Source: sets.json.0.dr	String found in binary or memory: https://efront.com
Source: sets.json.0.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.0.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.0.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.0.dr	String found in binary or memory: https://ella.sv
Source: sets.json.0.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.0.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.0.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.0.dr	String found in binary or memory: https://finn.no
Source: sets.json.0.dr	String found in binary or memory: https://firstlook.biz
Source: sets.json.0.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://geforcenow.com
Source: sets.json.0.dr	String found in binary or memory: https://gettalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.0.dr	String found in binary or memory: https://grid.id
Source: sets.json.0.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.0.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.0.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.0.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://hapara.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.global
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.0.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.0.dr	String found in binary or memory: https://hearty.app
Source: sets.json.0.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.0.dr	String found in binary or memory: https://hearty.me
Source: sets.json.0.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.0.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.0.dr	String found in binary or memory: https://hj.rs
Source: sets.json.0.dr	String found in binary or memory: https://hjck.com
Source: sets.json.0.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.0.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.0.dr	String found in binary or memory: https://iolam.it
Source: chromecache_83.2.dr	String found in binary or memory: https://ipinfo.io/pricing
Source: chromecache_83.2.dr	String found in binary or memory: https://ipinfo.io/support
Source: sets.json.0.dr	String found in binary or memory: https://ishares.com
Source: sets.json.0.dr	String found in binary or memory: https://jagran.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.0.dr	String found in binary or memory: https://kompas.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.0.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.0.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.0.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.0.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.0.dr	String found in binary or memory: https://libero.it
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.0.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.0.dr	String found in binary or memory: https://livemint.com
Source: sets.json.0.dr	String found in binary or memory: https://max.auto
Source: sets.json.0.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.0.dr	String found in binary or memory: https://meo.pt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.0.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.0.dr	String found in binary or memory: https://money.pl
Source: sets.json.0.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://nacion.com
Source: sets.json.0.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.co
Source: sets.json.0.dr	String found in binary or memory: https://nien.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.org
Source: sets.json.0.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.0.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.0.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.0.dr	String found in binary or memory: https://o2.pl
Source: sets.json.0.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.0.dr	String found in binary or memory: https://onet.pl
Source: sets.json.0.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.0.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://pdmp-apis.no
Source: sets.json.0.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.0.dr	String found in binary or memory: https://player.pl
Source: sets.json.0.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.0.dr	String found in binary or memory: https://poalim.site
Source: sets.json.0.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.0.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.0.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.0.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.0.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://radio1.be
Source: sets.json.0.dr	String found in binary or memory: https://radio2.be
Source: sets.json.0.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://repid.org
Source: sets.json.0.dr	String found in binary or memory: https://reshim.org
Source: sets.json.0.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.0.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.0.dr	String found in binary or memory: https://samayam.com
Source: sets.json.0.dr	String found in binary or memory: https://sapo.io
Source: sets.json.0.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.0.dr	String found in binary or memory: https://shock.co
Source: sets.json.0.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.0.dr	String found in binary or memory: https://socket-to-me.vip
Source: sets.json.0.dr	String found in binary or memory: https://songshare.com
Source: sets.json.0.dr	String found in binary or memory: https://songstats.com
Source: sets.json.0.dr	String found in binary or memory: https://sporza.be
Source: sets.json.0.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.0.dr	String found in binary or memory: https://stripe.com
Source: sets.json.0.dr	String found in binary or memory: https://stripe.network
Source: sets.json.0.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.0.dr	String found in binary or memory: https://supereva.it
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.0.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://technology-revealed.com
Source: sets.json.0.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.0.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.app
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.com
Source: sets.json.0.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.0.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://tvid.in
Source: sets.json.0.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://tvn24.pl
Source: sets.json.0.dr	String found in binary or memory: https://unotv.com
Source: sets.json.0.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.0.dr	String found in binary or memory: https://vrt.be
Source: sets.json.0.dr	String found in binary or memory: https://vwo.com
Source: sets.json.0.dr	String found in binary or memory: https://welt.de
Source: sets.json.0.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.0.dr	String found in binary or memory: https://wildix.com
Source: sets.json.0.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.0.dr	String found in binary or memory: https://wingify.com
Source: sets.json.0.dr	String found in binary or memory: https://wordle.at
Source: sets.json.0.dr	String found in binary or memory: https://wp.pl
Source: sets.json.0.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.0.dr	String found in binary or memory: https://www.asadcdn.com
Source: sets.json.0.dr	String found in binary or memory: https://ya.ru
Source: sets.json.0.dr	String found in binary or memory: https://zalo.me
Source: sets.json.0.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://zingmp3.vn

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53409 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53409
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49723 version: TLS 1.2

Creates files inside the system directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6392_2057701636	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6392_2057701636\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6392_2057701636\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6392_2057701636\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6392_2057701636\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6392_2057701636\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6392_2057701636\manifest.fingerprint	Jump to behavior

Deletes files inside the Windows folder

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_6392_354112782

Jump to behavior

Source: classification engine

Classification label: mal72.phis.win@17/57@13/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2208,i,17692718109581764152,846259027756642193,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://teleglsam.fit/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2208,i,17692718109581764152,846259027756642193,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1447725
Product:	CloudBasic
Start time:	00:20:18
Start date:	27.05.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
http://teleglsam.fit/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report http://teleglsam.fit/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
http://teleglsam.fit/