Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
izCOFC8OWh.exe

Overview

General Information

Sample name:izCOFC8OWh.exe
renamed because original name is a hash value
Original sample name:8513d85822ec820592542026eca0fd8b71cacf15e2d9d3c8a6d564c7899dcf90.exe
Analysis ID:1569325
MD5:d7326ecb2bda34ba1dc81c821e6f32af
SHA1:59362f6d162758adf219397bcc11c80ad0ca8fc3
SHA256:8513d85822ec820592542026eca0fd8b71cacf15e2d9d3c8a6d564c7899dcf90
Tags:exeuser-adrian__luca
Infos:

Detection

Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Creates an undocumented autostart registry key
Deletes itself after installation
Machine Learning detection for dropped file
Machine Learning detection for sample
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
HTML page contains string obfuscation
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Explorer Process Tree Break
Sigma detected: Use NTFS Short Name in Command Line
Uses 32bit PE files

Classification

Process Tree

  • System is w10x64
  • izCOFC8OWh.exe (PID: 1936 cmdline: "C:\Users\user\Desktop\izCOFC8OWh.exe" MD5: D7326ECB2BDA34BA1DC81C821E6F32AF)
    • webcam_plugin.exe (PID: 2144 cmdline: C:\Users\user\AppData\Roaming\webcam_plugin.exe MD5: 3DF8C3A266B8A05D3165884FEDA0972A)
      • webcam_plugin.exe (PID: 1804 cmdline: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe MD5: 3DF8C3A266B8A05D3165884FEDA0972A)
      • webcam_plugin.exe (PID: 5172 cmdline: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe MD5: 3DF8C3A266B8A05D3165884FEDA0972A)
        • cmd.exe (PID: 5236 cmdline: C:\Windows\system32\cmd.exe /c ERRORR~1.BAT MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 5332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • explorer.exe (PID: 3776 cmdline: explorer http://ukrnic.com/~freexp/index.php MD5: DD6597597673F72E10C9DE7901FBA0A8)
      • cmd.exe (PID: 1340 cmdline: C:\Windows\system32\cmd.exe /c UNISTA~1.BAT MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 4208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 1908 cmdline: C:\Windows\system32\cmd.exe /c UNISTA~1.BAT MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 1136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • explorer.exe (PID: 2196 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: 662F4F92FDE3557E86D110526BB578D5)
    • chrome.exe (PID: 3476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://ukrnic.com/~freexp/index.php MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 1616 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1980,i,6152101684222983417,8796225915089315324,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: CurrentVersion Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\Microsot_Centre\dymstudioee.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe, ProcessId: 1804, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\IExploreupdate
Sigma detected: Explorer Process Tree Break
Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems), @gott_cyber: Data: Command: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, CommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\explorer.exe, NewProcessName: C:\Windows\explorer.exe, OriginalFileName: C:\Windows\explorer.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 752, ProcessCommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, ProcessId: 2196, ProcessName: explorer.exe
Sigma detected: Use NTFS Short Name in Command Line
Source: Process startedAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Windows\system32\cmd.exe /c UNISTA~1.BAT, CommandLine: C:\Windows\system32\cmd.exe /c UNISTA~1.BAT, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\webcam_plugin.exe, ParentImage: C:\Users\user\AppData\Roaming\webcam_plugin.exe, ParentProcessId: 2144, ParentProcessName: webcam_plugin.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c UNISTA~1.BAT, ProcessId: 1340, ProcessName: cmd.exe

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: izCOFC8OWh.exeAvira: detected
Antivirus detection for dropped file
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeAvira: detection malicious, Label: TR/Crypt.ASPM.Gen
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exeAvira: detection malicious, Label: TR/Crypt.ASPM.Gen
Multi AV Scanner detection for submitted file
Source: izCOFC8OWh.exeReversingLabs: Detection: 97%
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.5% probability
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeJoe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exeJoe Sandbox ML: detected
Machine Learning detection for sample
Source: izCOFC8OWh.exeJoe Sandbox ML: detected
Source: https://get.mycounter.ua/counter2.0.jsHTTP Parser: Found new string: script var my_flash,my_m,undef,my_id,my_width,my_height,my_alt,my_img;.var my_j=0,my_s,my_rr,my_tf,my_fs,my_blocked='*',my_dst;.var my_h='mycounter.ua/';..if (my_alt == undef) my_alt = 'MyCounter';.if (my_width == undef || my_height == undef || my_width == 0 || my_height == 0) {. my_width = undef;. my_height = undef;.}.if (my_id == undef) my_id = 0;.if (my_img == undef) my_img = '';.if (typeof(screen)!=typeof(undef)) my_s=screen;.var my_stats_url="https://"+my_h+"stats/?id="+my_id;.document.cookie="s=1;path=/";..// get JavaScript version.var my_tmp = '';.for (var i=0; i<=9; i++) {. my_tmp += '<scr'+'ipt lang'+'uage="JavaScr'+'ipt';. if (i) my_tmp += '1.'+i;. my_tmp += '">my_j='+i+';</scr'+'ipt>';.}.my_tmp += '<scr'+'ipt language="JavaScr'+'ipt"></script>';.document.write(my_tmp);..// get Shockwave Flash version.my_flash = getFlash();.// get GMT.my_gmt = getGMT();.my_rr = my_tf = my_fs = '';..try { if (parent!=window) my_rr = escape(parent.document.referrer); }.catch(e) { my_rr = my_blocked }.try { if (self!=top...
Source: https://ukrnic.com/~freexp/index.phpHTTP Parser: No favicon
Source: izCOFC8OWh.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /~freexp/index.php HTTP/1.1Host: ukrnic.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /templates/ukrnic/css/style.css HTTP/1.1Host: ukrnic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ukrnic.com/~freexp/index.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
Source: global trafficHTTP traffic detected: GET /templates/ukrnic/css/user.css HTTP/1.1Host: ukrnic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ukrnic.com/~freexp/index.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
Source: global trafficHTTP traffic detected: GET /user/classes/js/jquery.js?v=0d74b HTTP/1.1Host: ukrnic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ukrnic.com/~freexp/index.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
Source: global trafficHTTP traffic detected: GET /user/classes/js/jqueryui.js?v=0d74b HTTP/1.1Host: ukrnic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ukrnic.com/~freexp/index.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
Source: global trafficHTTP traffic detected: GET /templates/ukrnic/images/head_bg.jpg HTTP/1.1Host: ukrnic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ukrnic.com/templates/ukrnic/css/style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
Source: global trafficHTTP traffic detected: GET /templates/ukrnic/images/logo.png HTTP/1.1Host: ukrnic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ukrnic.com/~freexp/index.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
Source: global trafficHTTP traffic detected: GET /templates/ukrnic/images/head_l.jpg HTTP/1.1Host: ukrnic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ukrnic.com/~freexp/index.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
Source: global trafficHTTP traffic detected: GET /templates/ukrnic/images/head_r.jpg HTTP/1.1Host: ukrnic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ukrnic.com/~freexp/index.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
Source: global trafficHTTP traffic detected: GET /templates/ukrnic/images/liqpay6.png HTTP/1.1Host: ukrnic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ukrnic.com/~freexp/index.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
Source: global trafficHTTP traffic detected: GET /user/classes/js/dle_js.js?v=0d74b HTTP/1.1Host: ukrnic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ukrnic.com/~freexp/index.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
Source: global trafficHTTP traffic detected: GET /user/classes/js/jquery.js?v=0d74b HTTP/1.1Host: ukrnic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
Source: global trafficHTTP traffic detected: GET /user/classes/js/jqueryui.js?v=0d74b HTTP/1.1Host: ukrnic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
Source: global trafficHTTP traffic detected: GET /counter2.0.js HTTP/1.1Host: get.mycounter.uaConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ukrnic.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /templates/ukrnic/images/head_bg.jpg HTTP/1.1Host: ukrnic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
Source: global trafficHTTP traffic detected: GET /templates/ukrnic/images/logo.png HTTP/1.1Host: ukrnic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
Source: global trafficHTTP traffic detected: GET /templates/ukrnic/images/head_l.jpg HTTP/1.1Host: ukrnic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
Source: global trafficHTTP traffic detected: GET /templates/ukrnic/images/foot_r.jpg HTTP/1.1Host: ukrnic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ukrnic.com/~freexp/index.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
Source: global trafficHTTP traffic detected: GET /templates/ukrnic/images/head_r.jpg HTTP/1.1Host: ukrnic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
Source: global trafficHTTP traffic detected: GET /templates/ukrnic/images/liqpay6.png HTTP/1.1Host: ukrnic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
Source: global trafficHTTP traffic detected: GET /user/classes/js/dle_js.js?v=0d74b HTTP/1.1Host: ukrnic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
Source: global trafficHTTP traffic detected: GET /counter.php?id=122274&w=https%3A//ukrnic.com/%7Efreexp/index.php&s=1280x1024x24&c=1&j=5&gmt=-5&dst=1 HTTP/1.1Host: get.mycounter.uaConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ukrnic.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /counter2.0.js HTTP/1.1Host: get.mycounter.uaConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /templates/ukrnic/images/foot_r.jpg HTTP/1.1Host: ukrnic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353; s=1
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ukrnic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ukrnic.com/~freexp/index.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353; s=1
Source: global trafficHTTP traffic detected: GET /counter.php?id=122274&w=https%3A//ukrnic.com/%7Efreexp/index.php&s=1280x1024x24&c=1&j=5&gmt=-5&dst=1 HTTP/1.1Host: get.mycounter.uaConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ukrnic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353; s=1
Source: global trafficHTTP traffic detected: GET /~freexp/index.php HTTP/1.1Host: ukrnic.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: savudenko.org
Source: global trafficDNS traffic detected: DNS query: mh29.mobyhost.ru
Source: global trafficDNS traffic detected: DNS query: sava80.co.ua
Source: global trafficDNS traffic detected: DNS query: ukrnic.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: get.mycounter.ua
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 05 Dec 2024 17:04:26 GMTServer: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheSet-Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353; path=/; domain=.ukrnic.com; secure; HttpOnlyConnection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8
Source: chromecache_171.22.dr, chromecache_150.22.drString found in binary or memory: http://jqueryui.com
Source: webcam_plugin.exe, 00000002.00000002.3384374031.0000000000639000.00000004.00000020.00020000.00000000.sdmp, webcam_plugin.exe, 00000002.00000002.3384374031.0000000000653000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mh29.mobyhost.ru/
Source: webcam_plugin.exe, 00000002.00000002.3384374031.0000000000639000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mh29.mobyhost.ru/d
Source: webcam_plugin.exe, 00000002.00000002.3384374031.0000000000653000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mh29.mobyhost.ru/gk
Source: webcam_plugin.exe, 00000002.00000002.3384374031.0000000000639000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mh29.mobyhost.ru/lS
Source: webcam_plugin.exe, 00000002.00000002.3384374031.0000000000653000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mh29.mobyhost.ru/~m59077/addlist/addlist.url
Source: webcam_plugin.exe, 00000002.00000002.3384374031.0000000000653000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mh29.mobyhost.ru/~m59077/addlist/addlist.url5kl
Source: webcam_plugin.exe, 00000002.00000002.3384374031.0000000000653000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mh29.mobyhost.ru/~m59077/addlist/addlist.url;k
Source: webcam_plugin.exe, 00000002.00000002.3384374031.0000000000653000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mh29.mobyhost.ru/~m59077/addlist/addlist.urlAh
Source: webcam_plugin.exe, 00000004.00000002.3384781598.000000000065D000.00000004.00000020.00020000.00000000.sdmp, webcam_plugin.exe, 00000004.00000002.3384781598.000000000069C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sava80.co.ua/addlist/addlist.url
Source: webcam_plugin.exe, 00000004.00000002.3384781598.000000000065D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sava80.co.ua/addlist/addlist.url3
Source: webcam_plugin.exe, 00000004.00000002.3384781598.000000000065D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sava80.co.ua/addlist/addlist.url?
Source: webcam_plugin.exe, 00000004.00000002.3384781598.000000000069C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sava80.co.ua/addlist/addlist.urlRd
Source: webcam_plugin.exe, 00000004.00000002.3384781598.0000000000640000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sava80.co.ua/addlist/addlist.urlV
Source: webcam_plugin.exe, 00000004.00000002.3384781598.000000000069C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sava80.co.ua/addlist/addlist.urlqdj
Source: webcam_plugin.exe, 00000002.00000002.3384374031.0000000000639000.00000004.00000020.00020000.00000000.sdmp, webcam_plugin.exe, 00000002.00000002.3384374031.0000000000616000.00000004.00000020.00020000.00000000.sdmp, webcam_plugin.exe, 00000002.00000002.3384374031.00000000005FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://savudenko.org/addlist/addlist.url
Source: webcam_plugin.exe, 00000002.00000002.3384374031.0000000000616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://savudenko.org/addlist/addlist.urls
Source: webcam_plugin.exe, 00000002.00000002.3384374031.0000000000639000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://savudenko.org/addlist/addlist.urlz
Source: explorer.exe, 00000012.00000003.3111738774.00000000007BF000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.3113285812.0000000000750000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.3113494486.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.3113285812.0000000000773000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000003.3111863724.00000000007AA000.00000004.00000020.00020000.00000000.sdmp, ErrorReport.bat.4.drString found in binary or memory: http://ukrnic.com/~freexp/index.php
Source: explorer.exe, 00000012.00000002.3113285812.000000000079F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ukrnic.com/~freexp/index.php2
Source: explorer.exe, 00000012.00000002.3113285812.000000000079F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ukrnic.com/~freexp/index.phpD
Source: explorer.exe, 00000012.00000002.3113494486.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000003.3111863724.00000000007AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ukrnic.com/~freexp/index.phpQ
Source: explorer.exe, 00000012.00000002.3113494486.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000003.3111863724.00000000007AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ukrnic.com/~freexp/index.phpU
Source: explorer.exe, 00000011.00000002.2518980652.0000000003480000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2518200020.0000000003370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ukrnic.com/~freexp/index.phpWinsta0
Source: explorer.exe, 00000012.00000002.3113578075.00000000007C0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000003.3111738774.00000000007BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ukrnic.com/~freexp/index.phpd
Source: explorer.exe, 00000011.00000002.2518980652.0000000003480000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2518200020.0000000003370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ukrnic.com/~freexp/index.phpexplorer
Source: explorer.exe, 00000011.00000003.2517042689.00000000034AB000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000011.00000002.2519222940.00000000034AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ukrnic.com/~freexp/index.phpl
Source: explorer.exe, 00000012.00000002.3113285812.000000000079F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ukrnic.com/~freexp/index.phpm
Source: explorer.exe, 00000012.00000002.3113578075.00000000007C0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000003.3111738774.00000000007BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ukrnic.com/~freexp/index.phposoft
Source: webcam_plugin.exe, 00000002.00000002.3384374031.0000000000653000.00000004.00000020.00020000.00000000.sdmp, webcam_plugin.exe, 00000004.00000002.3384781598.00000000006B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
Source: izCOFC8OWh.exeStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: webcam_plugin.exe.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: webcam_plugin.exe.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: izCOFC8OWh.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: izCOFC8OWh.exeStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: webcam_plugin.exe.0.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: webcam_plugin.exe.1.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: izCOFC8OWh.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESERVED size: 0x100000 address: 0x0
Source: webcam_plugin.exe.0.drStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESERVED size: 0x100000 address: 0x0
Source: webcam_plugin.exe.1.drStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESERVED size: 0x100000 address: 0x0
Source: classification engineClassification label: mal84.winEXE@37/49@15/4
Source: C:\Users\user\Desktop\izCOFC8OWh.exeFile created: C:\Users\user\AppData\Roaming\Microsot_Centre\Jump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1136:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4208:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5332:120:WilError_03
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c UNISTA~1.BAT
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\explorer.exe
Source: unknownProcess created: C:\Windows\explorer.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\explorer.exeJump to behavior
Source: C:\Users\user\Desktop\izCOFC8OWh.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\Desktop\izCOFC8OWh.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: izCOFC8OWh.exeReversingLabs: Detection: 97%
Source: C:\Users\user\Desktop\izCOFC8OWh.exeFile read: C:\Users\user\Desktop\izCOFC8OWh.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\izCOFC8OWh.exe "C:\Users\user\Desktop\izCOFC8OWh.exe"
Source: C:\Users\user\Desktop\izCOFC8OWh.exeProcess created: C:\Users\user\AppData\Roaming\webcam_plugin.exe C:\Users\user\AppData\Roaming\webcam_plugin.exe
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exeProcess created: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exeProcess created: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c UNISTA~1.BAT
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\izCOFC8OWh.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c UNISTA~1.BAT
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ERRORR~1.BAT
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\explorer.exe explorer http://ukrnic.com/~freexp/index.php
Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Source: C:\Windows\explorer.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://ukrnic.com/~freexp/index.php
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1980,i,6152101684222983417,8796225915089315324,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\izCOFC8OWh.exeProcess created: C:\Users\user\AppData\Roaming\webcam_plugin.exe C:\Users\user\AppData\Roaming\webcam_plugin.exeJump to behavior
Source: C:\Users\user\Desktop\izCOFC8OWh.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c UNISTA~1.BATJump to behavior
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exeProcess created: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeJump to behavior
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exeProcess created: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeJump to behavior
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c UNISTA~1.BATJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ERRORR~1.BATJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\explorer.exe explorer http://ukrnic.com/~freexp/index.phpJump to behavior
Source: C:\Windows\explorer.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://ukrnic.com/~freexp/index.phpJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1980,i,6152101684222983417,8796225915089315324,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\izCOFC8OWh.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\izCOFC8OWh.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: aepic.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: twinapi.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: ninput.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: explorerframe.dllJump to behavior
Source: C:\Windows\SysWOW64\explorer.exeSection loaded: actxprxy.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: aepic.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: twinapi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: ninput.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: explorerframe.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: actxprxy.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: edputil.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: mlang.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\explorer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Access\Capabilities\UrlAssociationsJump to behavior
Source: izCOFC8OWh.exeStatic PE information: section name: .aspack
Source: izCOFC8OWh.exeStatic PE information: section name: .adata
Source: webcam_plugin.exe.0.drStatic PE information: section name: .aspack
Source: webcam_plugin.exe.0.drStatic PE information: section name: .adata
Source: webcam_plugin.exe.1.drStatic PE information: section name: .aspack
Source: webcam_plugin.exe.1.drStatic PE information: section name: .adata
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeFile created: C:\Users\user\AppData\Roaming\Microsot_Centre\smartoszi.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeFile created: C:\Users\user\AppData\Roaming\Microsot_Centre\dymstudioee.exe (copy)Jump to dropped file
Source: C:\Users\user\Desktop\izCOFC8OWh.exeFile created: C:\Users\user\AppData\Roaming\webcam_plugin.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exeFile created: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeJump to dropped file

Boot Survival

barindex
Creates an undocumented autostart registry key
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run IExploreupdateJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run IExploreupdateJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run IExploreupdateJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run IExploreupdateJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run IExploreupdateJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run IExploreupdateJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run IExploreupdateJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run IExploreupdateJump to behavior

Hooking and other Techniques for Hiding and Protection

barindex
Deletes itself after installation
Source: C:\Windows\SysWOW64\cmd.exeFile deleted: c:\users\user\desktop\izcofc8owh.exeJump to behavior
Source: C:\Users\user\Desktop\izCOFC8OWh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\izCOFC8OWh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exeThread delayed: delay time: 3600000Jump to behavior
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exeThread delayed: delay time: 3600000Jump to behavior
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exe TID: 4144Thread sleep time: -3600000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exe TID: 4144Thread sleep time: -3600000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep count: 149 > 30Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -8940000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 2268Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep count: 188 > 30Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe TID: 6568Thread sleep time: -11280000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exeThread delayed: delay time: 3600000Jump to behavior
Source: C:\Users\user\AppData\Roaming\webcam_plugin.exeThread delayed: delay time: 3600000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeThread delayed: delay time: 60000Jump to behavior
Source: explorer.exe, 00000012.00000003.3111738774.00000000007BF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\S
Source: webcam_plugin.exe, 00000002.00000002.3384374031.0000000000639000.00000004.00000020.00020000.00000000.sdmp, webcam_plugin.exe, 00000004.00000002.3384781598.0000000000678000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: explorer.exe, 00000012.00000003.3111738774.00000000007BF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}RAGE#VB
Source: C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\explorer.exe explorer http://ukrnic.com/~freexp/index.phpJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting		Valid AccountsWindows Management Instrumentation1
Scripting		11
Process Injection		1
Masquerading		OS Credential Dumping1
Security Software Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
Registry Run Keys / Startup Folder		21
Virtualization/Sandbox Evasion		LSASS Memory1
Process Discovery		Remote Desktop ProtocolData from Removable Media3
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
DLL Side-Loading		1
DLL Side-Loading		11
Process Injection		Security Account Manager21
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive3
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDS2
System Information Discovery		Distributed Component Object ModelInput Capture4
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
File Deletion		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1569325 Sample: izCOFC8OWh.exe Startdate: 05/12/2024 Architecture: WINDOWS Score: 84 57 savudenko.org 2->57 59 sava80.co.ua 2->59 61 3 other IPs or domains 2->61 77 Antivirus / Scanner detection for submitted sample 2->77 79 Multi AV Scanner detection for submitted file 2->79 81 Machine Learning detection for sample 2->81 83 AI detected suspicious sample 2->83 10 izCOFC8OWh.exe 4 2->10         started        13 explorer.exe 12 2->13         started        signatures3 process4 file5 49 C:\Users\user\AppData\...\webcam_plugin.exe, PE32 10->49 dropped 51 C:\...\webcam_plugin.exe:Zone.Identifier, ASCII 10->51 dropped 15 webcam_plugin.exe 5 10->15         started        19 cmd.exe 1 10->19         started        21 chrome.exe 13->21         started        process6 dnsIp7 53 C:\Users\user\AppData\...\webcam_plugin.exe, PE32 15->53 dropped 55 C:\...\webcam_plugin.exe:Zone.Identifier, ASCII 15->55 dropped 71 Antivirus detection for dropped file 15->71 73 Machine Learning detection for dropped file 15->73 24 webcam_plugin.exe 4 12 15->24         started        28 webcam_plugin.exe 2 13 15->28         started        30 cmd.exe 1 15->30         started        75 Deletes itself after installation 19->75 32 conhost.exe 19->32         started        69 239.255.255.250 unknown Reserved 21->69 34 chrome.exe 21->34         started        file8 signatures9 process10 dnsIp11 45 C:\Users\user\...\dymstudioee.exe (copy), PE32 24->45 dropped 85 Antivirus detection for dropped file 24->85 87 Creates an undocumented autostart registry key 24->87 89 Machine Learning detection for dropped file 24->89 47 C:\Users\user\...\smartoszi.exe (copy), PE32 28->47 dropped 37 cmd.exe 1 28->37         started        39 conhost.exe 30->39         started        63 www.google.com 142.250.181.68, 443, 49816, 49992 GOOGLEUS United States 34->63 65 get.mycounter.ua 62.149.0.249, 443, 49839, 49855 COLOCALLInternetDataCenterColoCALLUA Ukraine 34->65 67 ukrnic.com 91.197.17.8, 443, 49799, 49800 ASTRATELKOM-ASUA Ukraine 34->67 file12 signatures13 process14 process15 41 explorer.exe 37->41         started        43 conhost.exe 37->43         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
izCOFC8OWh.exe97%ReversingLabsWin32.Trojan.Dacic
izCOFC8OWh.exe100%AviraTR/Crypt.ASPM.Gen
izCOFC8OWh.exe100%Joe Sandbox ML

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe100%AviraTR/Crypt.ASPM.Gen
C:\Users\user\AppData\Roaming\webcam_plugin.exe100%AviraTR/Crypt.ASPM.Gen
C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe100%Joe Sandbox ML
C:\Users\user\AppData\Roaming\webcam_plugin.exe100%Joe Sandbox ML

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://ukrnic.com/user/classes/js/dle_js.js?v=0d74b0%Avira URL Cloudsafe
http://sava80.co.ua/addlist/addlist.url30%Avira URL Cloudsafe
https://ukrnic.com/templates/ukrnic/images/foot_r.jpg0%Avira URL Cloudsafe
http://mh29.mobyhost.ru/lS0%Avira URL Cloudsafe
http://mh29.mobyhost.ru/0%Avira URL Cloudsafe
http://mh29.mobyhost.ru/~m59077/addlist/addlist.url;k0%Avira URL Cloudsafe
https://get.mycounter.ua/counter2.0.js0%Avira URL Cloudsafe
http://mh29.mobyhost.ru/~m59077/addlist/addlist.urlAh0%Avira URL Cloudsafe
https://ukrnic.com/favicon.ico0%Avira URL Cloudsafe
http://sava80.co.ua/addlist/addlist.url0%Avira URL Cloudsafe
https://ukrnic.com/templates/ukrnic/images/logo.png0%Avira URL Cloudsafe
http://sava80.co.ua/addlist/addlist.url?0%Avira URL Cloudsafe
https://ukrnic.com/templates/ukrnic/css/user.css0%Avira URL Cloudsafe
http://savudenko.org/addlist/addlist.urls0%Avira URL Cloudsafe
https://ukrnic.com/templates/ukrnic/images/liqpay6.png0%Avira URL Cloudsafe
http://mh29.mobyhost.ru/~m59077/addlist/addlist.url0%Avira URL Cloudsafe
http://mh29.mobyhost.ru/d0%Avira URL Cloudsafe
http://sava80.co.ua/addlist/addlist.urlqdj0%Avira URL Cloudsafe
https://ukrnic.com/templates/ukrnic/images/head_r.jpg0%Avira URL Cloudsafe
http://sava80.co.ua/addlist/addlist.urlV0%Avira URL Cloudsafe
http://sava80.co.ua/addlist/addlist.urlRd0%Avira URL Cloudsafe
https://ukrnic.com/templates/ukrnic/css/style.css0%Avira URL Cloudsafe
https://ukrnic.com/user/classes/js/jquery.js?v=0d74b0%Avira URL Cloudsafe
https://ukrnic.com/templates/ukrnic/images/head_l.jpg0%Avira URL Cloudsafe
http://savudenko.org/addlist/addlist.urlz0%Avira URL Cloudsafe
https://ukrnic.com/user/classes/js/jqueryui.js?v=0d74b0%Avira URL Cloudsafe
http://savudenko.org/addlist/addlist.url0%Avira URL Cloudsafe
https://ukrnic.com/templates/ukrnic/images/head_bg.jpg0%Avira URL Cloudsafe
http://mh29.mobyhost.ru/gk0%Avira URL Cloudsafe
http://mh29.mobyhost.ru/~m59077/addlist/addlist.url5kl0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
get.mycounter.ua
62.149.0.249
truefalse
    		unknown
    www.google.com
    		142.250.181.68
    		truefalse
      		high
      ukrnic.com
      		91.197.17.8
      		truefalse
        		unknown
        ax-0001.ax-msedge.net
        		150.171.28.10
        		truefalse
          		high
          fp2e7a.wpc.phicdn.net
          		192.229.221.95
          		truefalse
            		high
            savudenko.org
            		unknown
            		unknownfalse
              		unknown
              mh29.mobyhost.ru
              		unknown
              		unknownfalse
                		unknown
                sava80.co.ua
                		unknown
                		unknownfalse
                  		unknown

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://ukrnic.com/user/classes/js/dle_js.js?v=0d74bfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://ukrnic.com/templates/ukrnic/images/foot_r.jpgfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://get.mycounter.ua/counter2.0.jsfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://ukrnic.com/favicon.icofalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://ukrnic.com/templates/ukrnic/images/logo.pngfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://ukrnic.com/templates/ukrnic/css/user.cssfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://ukrnic.com/templates/ukrnic/images/head_r.jpgfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://ukrnic.com/templates/ukrnic/images/liqpay6.pngfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://ukrnic.com/templates/ukrnic/css/style.cssfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://ukrnic.com/templates/ukrnic/images/head_l.jpgfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://ukrnic.com/user/classes/js/jquery.js?v=0d74bfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://ukrnic.com/user/classes/js/jqueryui.js?v=0d74bfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://ukrnic.com/templates/ukrnic/images/head_bg.jpgfalse
                  • Avira URL Cloud: safe
                  		unknown

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  http://mh29.mobyhost.ru/lSwebcam_plugin.exe, 00000002.00000002.3384374031.0000000000639000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://mh29.mobyhost.ru/webcam_plugin.exe, 00000002.00000002.3384374031.0000000000639000.00000004.00000020.00020000.00000000.sdmp, webcam_plugin.exe, 00000002.00000002.3384374031.0000000000653000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://mh29.mobyhost.ru/~m59077/addlist/addlist.url;kwebcam_plugin.exe, 00000002.00000002.3384374031.0000000000653000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://sava80.co.ua/addlist/addlist.url3webcam_plugin.exe, 00000004.00000002.3384781598.000000000065D000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://jqueryui.comchromecache_171.22.dr, chromecache_150.22.drfalse
                    		high
                    http://mh29.mobyhost.ru/~m59077/addlist/addlist.urlAhwebcam_plugin.exe, 00000002.00000002.3384374031.0000000000653000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://sava80.co.ua/addlist/addlist.urlwebcam_plugin.exe, 00000004.00000002.3384781598.000000000065D000.00000004.00000020.00020000.00000000.sdmp, webcam_plugin.exe, 00000004.00000002.3384781598.000000000069C000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://sava80.co.ua/addlist/addlist.url?webcam_plugin.exe, 00000004.00000002.3384781598.000000000065D000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://sava80.co.ua/addlist/addlist.urlqdjwebcam_plugin.exe, 00000004.00000002.3384781598.000000000069C000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://savudenko.org/addlist/addlist.urlswebcam_plugin.exe, 00000002.00000002.3384374031.0000000000616000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://mh29.mobyhost.ru/~m59077/addlist/addlist.urlwebcam_plugin.exe, 00000002.00000002.3384374031.0000000000653000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://mh29.mobyhost.ru/dwebcam_plugin.exe, 00000002.00000002.3384374031.0000000000639000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://sava80.co.ua/addlist/addlist.urlRdwebcam_plugin.exe, 00000004.00000002.3384781598.000000000069C000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://sava80.co.ua/addlist/addlist.urlVwebcam_plugin.exe, 00000004.00000002.3384781598.0000000000640000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://savudenko.org/addlist/addlist.urlzwebcam_plugin.exe, 00000002.00000002.3384374031.0000000000639000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://mh29.mobyhost.ru/gkwebcam_plugin.exe, 00000002.00000002.3384374031.0000000000653000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://savudenko.org/addlist/addlist.urlwebcam_plugin.exe, 00000002.00000002.3384374031.0000000000639000.00000004.00000020.00020000.00000000.sdmp, webcam_plugin.exe, 00000002.00000002.3384374031.0000000000616000.00000004.00000020.00020000.00000000.sdmp, webcam_plugin.exe, 00000002.00000002.3384374031.00000000005FE000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://mh29.mobyhost.ru/~m59077/addlist/addlist.url5klwebcam_plugin.exe, 00000002.00000002.3384374031.0000000000653000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    239.255.255.250
                    		unknownReserved
                    		unknownunknownfalse
                    62.149.0.249
                    		get.mycounter.uaUkraine
                    		15497COLOCALLInternetDataCenterColoCALLUAfalse
                    91.197.17.8
                    		ukrnic.comUkraine
                    		43320ASTRATELKOM-ASUAfalse
                    142.250.181.68
                    		www.google.comUnited States
                    		15169GOOGLEUSfalse

                    General Information

                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1569325
                    Start date and time:2024-12-05 18:02:49 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 6m 11s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:25
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:izCOFC8OWh.exe
                    renamed because original name is a hash value
                    Original Sample Name:8513d85822ec820592542026eca0fd8b71cacf15e2d9d3c8a6d564c7899dcf90.exe
                    Detection:MAL
                    Classification:mal84.winEXE@37/49@15/4
                    EGA Information:Failed
                    HCA Information:
                    • Successful, ratio: 100%
                    • Number of executed functions: 0
                    • Number of non-executed functions: 0
                    Cookbook Comments:
                    • Found application associated with file extension: .exe

                    Warnings

                    • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 172.217.21.35, 172.217.17.46, 173.194.220.84, 172.217.17.78, 23.218.208.109, 172.217.17.67, 34.104.35.123
                    • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, tse1.mm.bing.net, clientservices.googleapis.com, g.bing.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, fe3cr.delivery.mp.microsoft.com, ris.api.iris.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, edgedl.me.gvt1.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, update.googleapis.com, clients.l.google.com, prod.fs.microsoft.com.akadns.net
                    • Execution Graph export aborted for target webcam_plugin.exe, PID 1804 because there are no executed function
                    • Execution Graph export aborted for target webcam_plugin.exe, PID 5172 because there are no executed function
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                    • VT rate limit hit for: izCOFC8OWh.exe

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    12:03:41API Interceptor477x Sleep call for process: webcam_plugin.exe modified

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    239.255.255.250file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                      https://ln5.sync.com/dl/3c61e3b30#gum48d7j-5vgyh9gy-tcjv9rp4-ffxvqp5fGet hashmaliciousUnknownBrowse
                        https://tippfloorcovering-my.sharepoint.com/:f:/g/personal/inderjeet_tippfloor_com/EpEIzIGDzrlMs2z8rWgki5MBO5-d64iEaOqqeF3ulFqTiw?e=T39wglGet hashmaliciousUnknownBrowse
                          f5TWdT5EAc.exeGet hashmaliciousPhorpiex, RHADAMANTHYS, XmrigBrowse
                            http://web-cronith.azurewebsites.netGet hashmaliciousUnknownBrowse
                              http://web-quorvyn.azurewebsites.netGet hashmaliciousTechSupportScamBrowse
                                Https://25sep26ww.z13.web.core.windows.net/#Get hashmaliciousUnknownBrowse
                                  http://kitces.emlnk1.comGet hashmaliciousUnknownBrowse
                                    https://vacilandoblog.wordpress.com/2015/04/22/a-tribute-to-my-mother-in-law-rest-in-peace-april-22-2015/Get hashmaliciousUnknownBrowse
                                      https://sendgb.com/Aw8gObHpGVR?utm_medium=dZJEAfc2MGnvjBDGet hashmaliciousHTMLPhisherBrowse
                                        62.149.0.249http://pint77.com/Get hashmaliciousUnknownBrowse

                                          Domains

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          get.mycounter.uahttp://pint77.com/Get hashmaliciousUnknownBrowse
                                          • 62.149.0.249
                                          fp2e7a.wpc.phicdn.netTPDKSYfEac.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                          • 192.229.221.95
                                          file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                          • 192.229.221.95
                                          https://ln5.sync.com/dl/3c61e3b30#gum48d7j-5vgyh9gy-tcjv9rp4-ffxvqp5fGet hashmaliciousUnknownBrowse
                                          • 192.229.221.95
                                          FWAvf7mctB.exeGet hashmaliciousGuLoaderBrowse
                                          • 192.229.221.95
                                          clfCnDEDd1.exeGet hashmaliciousRemcosBrowse
                                          • 192.229.221.95
                                          MOV-0903787857-(Jmulvey)MMS0%3A28.mp4.htmlGet hashmaliciousHTMLPhisherBrowse
                                          • 192.229.221.95
                                          9V4TlKwcz3.exeGet hashmaliciousScreenConnect ToolBrowse
                                          • 192.229.221.95
                                          uC70JKtV2B.exeGet hashmaliciousScreenConnect ToolBrowse
                                          • 192.229.221.95
                                          cxYwMzCUCd.exeGet hashmaliciousScreenConnect ToolBrowse
                                          • 192.229.221.95
                                          t4U6b6M0ZH.exeGet hashmaliciousScreenConnect ToolBrowse
                                          • 192.229.221.95
                                          ax-0001.ax-msedge.netTPDKSYfEac.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                          • 150.171.27.10
                                          file.exeGet hashmaliciousUnknownBrowse
                                          • 150.171.28.10
                                          BQ_PO#385995.exeGet hashmaliciousRedLine, Snake Keylogger, VIP Keylogger, XWormBrowse
                                          • 150.171.28.10
                                          iS2mAc7AK9.exeGet hashmaliciousRHADAMANTHYSBrowse
                                          • 150.171.28.10
                                          msan.exe.bin.exeGet hashmaliciousUnknownBrowse
                                          • 150.171.27.10
                                          https://fujipharma.box.com/s/pezxwn32zbr37fbrrrqh18g3y8eulbk2Get hashmaliciousUnknownBrowse
                                          • 150.171.28.10
                                          file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Nymaim, Stealc, VidarBrowse
                                          • 150.171.27.10
                                          Mark Oakland shared _Quadrant Events Project Approval_ with you.(1).eml.msgGet hashmaliciousUnknownBrowse
                                          • 150.171.27.10
                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                          • 150.171.28.10
                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                          • 150.171.27.10

                                          ASNs

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          COLOCALLInternetDataCenterColoCALLUApayload_1.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                          • 62.149.0.30
                                          List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                          • 62.149.0.30
                                          ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                          • 62.149.0.30
                                          splmips.elfGet hashmaliciousUnknownBrowse
                                          • 31.28.168.19
                                          download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                          • 62.149.0.30
                                          wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                          • 62.149.0.30
                                          http://pint77.com/Get hashmaliciousUnknownBrowse
                                          • 62.149.0.249
                                          DHL_2017128_Receipt_Document,pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                          • 31.28.171.149
                                          DHL_2017128_Receipt_Document,pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                          • 31.28.171.149
                                          DHL_2017128_Receipt_Document,pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                          • 31.28.171.149

                                          JA3 Fingerprints

                                          No context

                                          Dropped Files

                                          No context

                                          Created / dropped Files

                                          C:\Users\user\AppData\Roaming\Microsot_Centre\dymstudioee.exe (copy)

                                          Download File
                                          Process:C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):88836
                                          Entropy (8bit):5.912663764479893
                                          Encrypted:false
                                          SSDEEP:1536:NJVxqmQSMvEhyEwhND3ugqqM/D2XkQ5XRBMtxjMSmnaR:NzftMvLdnD3ZFK2XL57MtxNR
                                          MD5:3DF8C3A266B8A05D3165884FEDA0972A
                                          SHA1:40512A38AF7381C44F3B7CEEF9B23AE8AAE5A406
                                          SHA-256:7313DE176B715480DBAC1A071B7487B14D19955D3EDAEAEC83B51A7872C9AC2E
                                          SHA-512:A37A92F4049DBCF9D3337BC94105BD4C3C4C4AF0C580206C370D0758AF4B826850B01D284551C5D0A3005D7AEE883170E3C071639BB8AFDD5F2BE6C724971B9D
                                          Malicious:true
                                          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................6....................@..............................................@...................................@......................................................<o......................................................CODE................................@...DATA................................@...BSS.................................@....idata..............................@....tls................................@....rdata....... ......................@....reloc.......0......................@....rsrc.... ...@... ..................@....aspack.. ...`......................@....adata..............................@...................................................................................................

                                          C:\Users\user\AppData\Roaming\Microsot_Centre\smartoszi.exe (copy)

                                          Download File
                                          Process:C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):88836
                                          Entropy (8bit):5.912663764479893
                                          Encrypted:false
                                          SSDEEP:1536:NJVxqmQSMvEhyEwhND3ugqqM/D2XkQ5XRBMtxjMSmnaR:NzftMvLdnD3ZFK2XL57MtxNR
                                          MD5:3DF8C3A266B8A05D3165884FEDA0972A
                                          SHA1:40512A38AF7381C44F3B7CEEF9B23AE8AAE5A406
                                          SHA-256:7313DE176B715480DBAC1A071B7487B14D19955D3EDAEAEC83B51A7872C9AC2E
                                          SHA-512:A37A92F4049DBCF9D3337BC94105BD4C3C4C4AF0C580206C370D0758AF4B826850B01D284551C5D0A3005D7AEE883170E3C071639BB8AFDD5F2BE6C724971B9D
                                          Malicious:true
                                          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................6....................@..............................................@...................................@......................................................<o......................................................CODE................................@...DATA................................@...BSS.................................@....idata..............................@....tls................................@....rdata....... ......................@....reloc.......0......................@....rsrc.... ...@... ..................@....aspack.. ...`......................@....adata..............................@...................................................................................................

                                          C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe

                                          Download File
                                          Process:C:\Users\user\AppData\Roaming\webcam_plugin.exe
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):88836
                                          Entropy (8bit):5.912663764479893
                                          Encrypted:false
                                          SSDEEP:1536:NJVxqmQSMvEhyEwhND3ugqqM/D2XkQ5XRBMtxjMSmnaR:NzftMvLdnD3ZFK2XL57MtxNR
                                          MD5:3DF8C3A266B8A05D3165884FEDA0972A
                                          SHA1:40512A38AF7381C44F3B7CEEF9B23AE8AAE5A406
                                          SHA-256:7313DE176B715480DBAC1A071B7487B14D19955D3EDAEAEC83B51A7872C9AC2E
                                          SHA-512:A37A92F4049DBCF9D3337BC94105BD4C3C4C4AF0C580206C370D0758AF4B826850B01D284551C5D0A3005D7AEE883170E3C071639BB8AFDD5F2BE6C724971B9D
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: Avira, Detection: 100%
                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................6....................@..............................................@...................................@......................................................<o......................................................CODE................................@...DATA................................@...BSS.................................@....idata..............................@....tls................................@....rdata....... ......................@....reloc.......0......................@....rsrc.... ...@... ..................@....aspack.. ...`......................@....adata..............................@...................................................................................................

                                          C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe:Zone.Identifier

                                          Download File
                                          Process:C:\Users\user\AppData\Roaming\webcam_plugin.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):26
                                          Entropy (8bit):3.95006375643621
                                          Encrypted:false
                                          SSDEEP:3:ggPYV:rPYV
                                          MD5:187F488E27DB4AF347237FE461A079AD
                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                          Malicious:true
                                          Preview:[ZoneTransfer]....ZoneId=0

                                          C:\Users\user\AppData\Roaming\Unistalliveshows.bat

                                          Download File
                                          Process:C:\Users\user\AppData\Roaming\webcam_plugin.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:modified
                                          Size (bytes):88
                                          Entropy (8bit):4.96155051036315
                                          Encrypted:false
                                          SSDEEP:3:So+rHyikwL4gSNhFHznkwL4g4qsDArHw1NTzYhKovn:S/Hyik+4gSNh9znk+4g4KHw1NTzYhKyn
                                          MD5:26199B59CEF06027DB6F39366619D6D6
                                          SHA1:0A19890F82523ED503E768824147972F315D57F4
                                          SHA-256:32B4E655A8B984235FEDD1EF4AAE003FB275F6E897E2843C126A240C01D2A53C
                                          SHA-512:C91553C9539703DE26D37D20544FF214DD0473ECD3AA73981B5F45F08274C885DA6C55A491272537C139001BB7E93882E83B432A95D0A711B5C715057AF9C370
                                          Malicious:false
                                          Preview::try..DEL "WEBCAM~1.EXE"..IF EXIST "WEBCAM~1.EXE" GOTO try..DEL "Unistalliveshows.bat"..

                                          C:\Users\user\AppData\Roaming\webcam_plugin.exe

                                          Download File
                                          Process:C:\Users\user\Desktop\izCOFC8OWh.exe
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):88836
                                          Entropy (8bit):5.912663764479893
                                          Encrypted:false
                                          SSDEEP:1536:NJVxqmQSMvEhyEwhND3ugqqM/D2XkQ5XRBMtxjMSmnaR:NzftMvLdnD3ZFK2XL57MtxNR
                                          MD5:3DF8C3A266B8A05D3165884FEDA0972A
                                          SHA1:40512A38AF7381C44F3B7CEEF9B23AE8AAE5A406
                                          SHA-256:7313DE176B715480DBAC1A071B7487B14D19955D3EDAEAEC83B51A7872C9AC2E
                                          SHA-512:A37A92F4049DBCF9D3337BC94105BD4C3C4C4AF0C580206C370D0758AF4B826850B01D284551C5D0A3005D7AEE883170E3C071639BB8AFDD5F2BE6C724971B9D
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: Avira, Detection: 100%
                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................6....................@..............................................@...................................@......................................................<o......................................................CODE................................@...DATA................................@...BSS.................................@....idata..............................@....tls................................@....rdata....... ......................@....reloc.......0......................@....rsrc.... ...@... ..................@....aspack.. ...`......................@....adata..............................@...................................................................................................

                                          C:\Users\user\AppData\Roaming\webcam_plugin.exe:Zone.Identifier

                                          Download File
                                          Process:C:\Users\user\Desktop\izCOFC8OWh.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):26
                                          Entropy (8bit):3.95006375643621
                                          Encrypted:false
                                          SSDEEP:3:ggPYV:rPYV
                                          MD5:187F488E27DB4AF347237FE461A079AD
                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                          Malicious:true
                                          Preview:[ZoneTransfer]....ZoneId=0

                                          C:\Users\user\Desktop\ErrorReport.bat

                                          Download File
                                          Process:C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):69
                                          Entropy (8bit):4.564621195720475
                                          Encrypted:false
                                          SSDEEP:3:4jRVf2iLB1KKQHy8gHMwVKBGyn:4t/7UHy8gsg6n
                                          MD5:52B14C41247D9F9B80353FEF0E7FE994
                                          SHA1:E979D7F56DAB3398F813D2946D2657C408AE4125
                                          SHA-256:BEE996E03394439179BBD79AA2DE132F5B901075F0212E40036CB8C92E1A1197
                                          SHA-512:C303A8A07C6148C1700715052C0EA415FDB0CA90DD794DAF81438F9D78EA89A97519E5ED44D4BCF2171EC2DF7C28897F51AFD3514B1664A940A9439917B5B6AF
                                          Malicious:false
                                          Preview:explorer http://ukrnic.com/~freexp/index.php..DEL "ErrorReport.bat"..

                                          C:\Users\user\Desktop\Unistalliveshows.bat

                                          Download File
                                          Process:C:\Users\user\Desktop\izCOFC8OWh.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:modified
                                          Size (bytes):88
                                          Entropy (8bit):4.8720386132769455
                                          Encrypted:false
                                          SSDEEP:3:So+rHs/mqj1L47NhFH5Y1L41qsDArHw1NTzYhKovn:S/HsuqjB47Nh95YB41KHw1NTzYhKyn
                                          MD5:26461A2E9E7AF8F50998898268F66363
                                          SHA1:A728DE14E9D122CA6C8EF279D86937C43424FD25
                                          SHA-256:E16529170CAF314E7FD6B267090CCD66AA4C06247AB17B84EEF070355E50A7BA
                                          SHA-512:3143B3BB93F02F760DDCADEB9F8418C3F38C5B0B28BE2FE8FA5E94D6F1D3C640A450B2E66B84722D3BEF1537D67A42771BF828D330B3AE93C046F623718147F2
                                          Malicious:false
                                          Preview::try..DEL "IZCOFC~1.EXE"..IF EXIST "IZCOFC~1.EXE" GOTO try..DEL "Unistalliveshows.bat"..

                                          Chrome Cache Entry: 149

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 6x67, components 3
                                          Category:downloaded
                                          Size (bytes):1339
                                          Entropy (8bit):6.450737433708996
                                          Encrypted:false
                                          SSDEEP:24:7K1hpunQWwjx82lY2T32HEVrSKKcyJ3VZHK0UmlG+OhOLHyp6cPGCh:sitNn2VgJ3GEChOLyp6cP5
                                          MD5:0324663849AD24E87F11AC1D6516320F
                                          SHA1:37CEAFDAC709E5818089BA53787C9B517C36A67C
                                          SHA-256:20B89C628474D9E755331C942445AE271E7664855B4CF6F263D8B2105B124A57
                                          SHA-512:EC696DC3FE375AC76ADCB89CB36B52B23DB092C24559A8130DB6F7CB218E90C081D25C12D581C66A4B247CF1FE313C42C39AD37D9DCB6A00170BF9C63E468F37
                                          Malicious:false
                                          URL:https://ukrnic.com/templates/ukrnic/images/head_l.jpg
                                          Preview:......Exif..II*.................Ducky.......<.....)http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:B38CAF87EABA11DF9EC5AC1C3F361E6E" xmpMM:DocumentID="xmp.did:B38CAF88EABA11DF9EC5AC1C3F361E6E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B38CAF85EABA11DF9EC5AC1C3F361E6E" stRef:documentID="xmp.did:B38CAF86EABA11DF9EC5AC1C3F361E6E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...................................................................................................................................

                                          Chrome Cache Entry: 150

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines (18446)
                                          Category:downloaded
                                          Size (bytes):96190
                                          Entropy (8bit):5.204592287727612
                                          Encrypted:false
                                          SSDEEP:1536:m05y+RkV1zWQGPe2Yw3kub7wwxFLn0IR0HoKcu3RiiHf3ma8yAJYMye:S+jTi2u3EiHf3ma0Jrye
                                          MD5:0595E298FE7D89DBA01F17568493A734
                                          SHA1:B2099FDD5B5D744FBB5DE8B3F0618C522F4CE44D
                                          SHA-256:54A82CB12E6E213C3B94FB1674617997E730F8FB5A44237800881DC439814C1C
                                          SHA-512:23BFEB927C1385C28198E97EE4A54C898CD77349BBF93F3AF43223F2EE2B4C162E65C5648EEF3CC1FB456D5029ED4B52CE7C1AA14F3B92C4E60B5FDC42F6537C
                                          Malicious:false
                                          URL:https://ukrnic.com/user/classes/js/jqueryui.js?v=0d74b
                                          Preview:/*! jQuery UI - v1.9.2 - 2012-11-23.* http://jqueryui.com.* Includes: jquery.ui.core.js.* Copyright 2012 jQuery Foundation and other contributors; Licensed MIT */.(function(e,t){function i(t,n){var r,i,o,u=t.nodeName.toLowerCase();return"area"===u?(r=t.parentNode,i=r.name,!t.href||!i||r.nodeName.toLowerCase()!=="map"?!1:(o=e("img[usemap=#"+i+"]")[0],!!o&&s(o))):(/input|select|textarea|button|object/.test(u)?!t.disabled:"a"===u?t.href||n:n)&&s(t)}function s(t){return e.expr.filters.visible(t)&&!e(t).parents().andSelf().filter(function(){return e.css(this,"visibility")==="hidden"}).length}var n=0,r=/^ui-id-\d+$/;e.ui=e.ui||{};if(e.ui.version)return;e.extend(e.ui,{version:"1.9.2",keyCode:{BACKSPACE:8,COMMA:188,DELETE:46,DOWN:40,END:35,ENTER:13,ESCAPE:27,HOME:36,LEFT:37,NUMPAD_ADD:107,NUMPAD_DECIMAL:110,NUMPAD_DIVIDE:111,NUMPAD_ENTER:108,NUMPAD_MULTIPLY:106,NUMPAD_SUBTRACT:109,PAGE_DOWN:34,PAGE_UP:33,PERIOD:190,RIGHT:39,SPACE:32,TAB:9,UP:38}}),e.fn.extend({_focus:e.fn.focus,focus:function(

                                          Chrome Cache Entry: 151

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text
                                          Category:dropped
                                          Size (bytes):3653
                                          Entropy (8bit):5.206042262538661
                                          Encrypted:false
                                          SSDEEP:96:CD0nc0Wu7WncMvOTOhs25CKbadAkRaVUvxV:q0nc0t7WncMvOam2lbadAkRaVUvxV
                                          MD5:60DD4A0324B6A778A81131C4DC6B2998
                                          SHA1:A723D940F991F781044A948E4F423331646BF70A
                                          SHA-256:266A3771EF39C4855333A8FF90D4A48D8C19F2DDB561CEB41A5A8AB4747304F8
                                          SHA-512:FB313685DF29C20B324C3A0A8CA3096664DC4ED2AB7283C515FAF4C03D5371BB49757D553C2868378F5EB3903E36EE61BBCB2A0A10533242E5E764DCC13CA5C6
                                          Malicious:false
                                          Preview:var my_flash,my_m,undef,my_id,my_width,my_height,my_alt,my_img;.var my_j=0,my_s,my_rr,my_tf,my_fs,my_blocked='*',my_dst;.var my_h='mycounter.ua/';..if (my_alt == undef) my_alt = 'MyCounter';.if (my_width == undef || my_height == undef || my_width == 0 || my_height == 0) {. my_width = undef;. my_height = undef;.}.if (my_id == undef) my_id = 0;.if (my_img == undef) my_img = '';.if (typeof(screen)!=typeof(undef)) my_s=screen;.var my_stats_url="https://"+my_h+"stats/?id="+my_id;.document.cookie="s=1;path=/";..// get JavaScript version.var my_tmp = '';.for (var i=0; i<=9; i++) {. my_tmp += '<scr'+'ipt lang'+'uage="JavaScr'+'ipt';. if (i) my_tmp += '1.'+i;. my_tmp += '">my_j='+i+';</scr'+'ipt>';.}.my_tmp += '<scr'+'ipt language="JavaScr'+'ipt"></script>';.document.write(my_tmp);..// get Shockwave Flash version.my_flash = getFlash();.// get GMT.my_gmt = getGMT();.my_rr = my_tf = my_fs = '';..try { if (parent!=window) my_rr = escape(parent.document.referrer); }.catch(e) { my_rr = my_block

                                          Chrome Cache Entry: 152

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text, with very long lines (38999), with no line terminators
                                          Category:downloaded
                                          Size (bytes):38999
                                          Entropy (8bit):5.3023564522926945
                                          Encrypted:false
                                          SSDEEP:768:VjpnX6gCsHxXed31au/mZD4bX5jVpcUSNLRvA1lZF:VjpfxXed31au/GDGVpc/NLRvA1lz
                                          MD5:604E99214C677DCBBF0A5733A573E994
                                          SHA1:365CE769F328EC16EE405E704623C31386379163
                                          SHA-256:97618DAC21AA7D54B7CEDBBFAE803A9EFCA58FA176D51C36FE0F96B712DCFF6A
                                          SHA-512:FC2EE49010C8D169A76360DF1FBB3BE63FF3B2163236A005E6F1448FE2900A369681380BA263AA16C1DB5E338E5F4790D0B8103698846D4C9326ED0F3C0DED02
                                          Malicious:false
                                          URL:https://ukrnic.com/user/classes/js/dle_js.js?v=0d74b
                                          Preview:var c_cache=[],dle_poll_voted=[];function reload(){var e=(new Date).getTime();document.getElementById("dle-captcha").innerHTML='<img src="'+dle_root+"user/modules/antibot/antibot.php?rndval="+e+'" width="160" height="80" alt="" />'}function dle_change_sort(e,o){var t=document.getElementById("news_set_sort");return t.dlenewssortby.value=e,t.dledirection.value=o,t.submit(),!1}function doPoll(e,o){var t=document.getElementById("dlepollform_"+o),i=t.status.value,n="";if(1!=dle_poll_voted[o]){if("results"!=e&&1!=i){for(var d=0;d<t.elements.length;d++){var l=t.elements[d];if("radio"==l.type&&1==l.checked){n=l.value;break}"checkbox"==l.type&&1==l.checked&&(n=n+l.value+" ")}if("vote"==e&&""==n)return;dle_poll_voted[o]=1}else i=1,t.status.value=1;1==i&&"vote"==e&&(i=0,t.status.value=0,e="list"),ShowLoading(""),$.post(dle_root+"user/ajax/controller.php?mod=poll",{news_id:o,action:e,answer:n,dle_skin:dle_skin,user_hash:dle_login_hash},function(e){HideLoading(""),$("#dle-poll-list-"+o).fadeOut

                                          Chrome Cache Entry: 153

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ISO-8859 text
                                          Category:downloaded
                                          Size (bytes):17693
                                          Entropy (8bit):5.193601462236965
                                          Encrypted:false
                                          SSDEEP:192:DRu/rqVKqnwVaWRRhGNV600A87QmxMQ5YcS:X8pVFThGfIA8smxMQ5YcS
                                          MD5:B355DB4FFE28B22FD0F0834172789766
                                          SHA1:E934EF7056CEB7C39344BCA74A244F29C0F2F211
                                          SHA-256:203136393471237E11BB3EE3FD92EDC2CF983960D3C336F860914BB426FF0FAC
                                          SHA-512:98D35C0E46D2ADD43235D50A1A90809B77E43149B2D4D5E9DF0B11CD8C4684A4EA66CEA6BF679D362207975CE6666B6A610475D62AD951DC5C6FA6F03403079D
                                          Malicious:false
                                          URL:https://ukrnic.com/templates/ukrnic/css/style.css
                                          Preview:/* WHOIS SERWIS*/..tested{.background-image:url(../images/whois.jpg);.width:860px;.height: 146px;}..td_tdl{..font-family:arial;..font-size:14px;..color:#333333;..font-weight:bold;..text-align: left;.}..td_www{..font-family:arial;..font-size:24px;..color:#333333;..font-weight:bold;..text-align: center;.}../* ....... ..... ........ .......*/..headline {..border: 0px solid #000000; ..cursor: pointer; . text-align: center;..font-family:arial;..font-size:24px;..color:#0099ff;..font-weight:bold;.}..hidden {.display: none; .border: 0px solid #ff0000; .text-align: center; .margin-top: 2px;.}../* =========== MY STYLE ========= */....body{padding-top: 30px;...font-family: Arial, Helvetica, sans-serif;...color: #333333;...background-color: white;...margin: 0;}..img{border:none;}..a{font-family: Arial, Helvetica, sans-serif;...color: #333333;}..a:hover{text-decoration:none;}..ul{.font-size: 24px;...list-style:none;...height: 41px;}..li{display:inline;}..ul hostplan{.font-size: 14px;...list-sty

                                          Chrome Cache Entry: 154

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x67, components 3
                                          Category:dropped
                                          Size (bytes):1226
                                          Entropy (8bit):6.182953729187001
                                          Encrypted:false
                                          SSDEEP:24:7K1hpunQWwjx82lY2T32HEVZsVo8ZiyJ3VZkDw218GBAn2MM:sitNn2Vzsi8rJ3PuFa14
                                          MD5:06DD9EF3C5E01A9913FDD7C7F3F6917B
                                          SHA1:A122919C97777BA05405580DECC9CFA614347AC7
                                          SHA-256:EED9A76600A11346EF9F955DD19FC5F69888784E03A39D5B7DA0BFBD9CD72384
                                          SHA-512:B738DE47BEDD46ED0DA040D1F04CEFF131EC9C1D40C8AC82F85344548FB415A93568EFAE4DB2C59316B62AB94EEE8D2B411028E365FFB44997E28933E746E9FB
                                          Malicious:false
                                          Preview:......Exif..II*.................Ducky.......<.....)http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:93F324ADEABA11DFA689D2E71F9E059F" xmpMM:DocumentID="xmp.did:93F324AEEABA11DFA689D2E71F9E059F"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:93F324ABEABA11DFA689D2E71F9E059F" stRef:documentID="xmp.did:93F324ACEABA11DFA689D2E71F9E059F"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...................................................................................................................................

                                          Chrome Cache Entry: 155

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text, with very long lines (38999), with no line terminators
                                          Category:dropped
                                          Size (bytes):38999
                                          Entropy (8bit):5.3023564522926945
                                          Encrypted:false
                                          SSDEEP:768:VjpnX6gCsHxXed31au/mZD4bX5jVpcUSNLRvA1lZF:VjpfxXed31au/GDGVpc/NLRvA1lz
                                          MD5:604E99214C677DCBBF0A5733A573E994
                                          SHA1:365CE769F328EC16EE405E704623C31386379163
                                          SHA-256:97618DAC21AA7D54B7CEDBBFAE803A9EFCA58FA176D51C36FE0F96B712DCFF6A
                                          SHA-512:FC2EE49010C8D169A76360DF1FBB3BE63FF3B2163236A005E6F1448FE2900A369681380BA263AA16C1DB5E338E5F4790D0B8103698846D4C9326ED0F3C0DED02
                                          Malicious:false
                                          Preview:var c_cache=[],dle_poll_voted=[];function reload(){var e=(new Date).getTime();document.getElementById("dle-captcha").innerHTML='<img src="'+dle_root+"user/modules/antibot/antibot.php?rndval="+e+'" width="160" height="80" alt="" />'}function dle_change_sort(e,o){var t=document.getElementById("news_set_sort");return t.dlenewssortby.value=e,t.dledirection.value=o,t.submit(),!1}function doPoll(e,o){var t=document.getElementById("dlepollform_"+o),i=t.status.value,n="";if(1!=dle_poll_voted[o]){if("results"!=e&&1!=i){for(var d=0;d<t.elements.length;d++){var l=t.elements[d];if("radio"==l.type&&1==l.checked){n=l.value;break}"checkbox"==l.type&&1==l.checked&&(n=n+l.value+" ")}if("vote"==e&&""==n)return;dle_poll_voted[o]=1}else i=1,t.status.value=1;1==i&&"vote"==e&&(i=0,t.status.value=0,e="list"),ShowLoading(""),$.post(dle_root+"user/ajax/controller.php?mod=poll",{news_id:o,action:e,answer:n,dle_skin:dle_skin,user_hash:dle_login_hash},function(e){HideLoading(""),$("#dle-poll-list-"+o).fadeOut

                                          Chrome Cache Entry: 156

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 88 x 51, 8-bit colormap, non-interlaced
                                          Category:downloaded
                                          Size (bytes):834
                                          Entropy (8bit):7.644263095582123
                                          Encrypted:false
                                          SSDEEP:24:HFLYpGNcQApnHu6hL4gdCU4tilUF1sShFgE:lLYwpgOsCUgilUsSl
                                          MD5:7CE87098ECD36FFBA933108D93A1801F
                                          SHA1:E07AD8D7310ECCB82AB6391E8A4E7D11EF11A27F
                                          SHA-256:7B7090DE94AB13E86191FA2CBC3A259A7605129801A1F65B8E9F1DE6885606DC
                                          SHA-512:91647390C8A95E28516EAAFE0B0D9D47A1A919D98D385FFF2DAC9FE4A343AF6D5DB508792D9185BA708C1ED4B984C2456D7AD349F00CAFCAC02134B309F0575C
                                          Malicious:false
                                          URL:https://get.mycounter.ua/counter.php?id=122274&w=https%3A//ukrnic.com/%7Efreexp/index.php&s=1280x1024x24&c=1&j=5&gmt=-5&dst=1
                                          Preview:.PNG........IHDR...X...3.....$x?....ZPLTE...)R.R..Z..c..c..k..s..{................{....s..k..c....R..J..B..9..1..!.................K6....pHYs..........+......IDATXG.mw.0...4PX].......s'.!.."...FL..r3S.p..>Uc....F,./.>...D.F1.....3.f|D.[V.Q..>..w6....>.,.y.)...b.E........X&.Alh..A..6..gz..>.S.5b....N.<.`..l^5.-x....<.C...\.t.:.f).Jw.q.k...X..wE.E...E.N..J...b.[.o.....rD.J$..._.~...X%...z.l5.K.*....G.~...Y.Z.qP.DA(UM...i*.....,o...X.7..}S..R.n......).....~J.>.......C=.+......:v...%\.......A.n..-R.....O.p.#.hAO.{G...@..Z.,&:....UaJ.....:..Q.y..su.M..7..k.w..R.}...R..8.>.X.....]....C.gd.G*...T.%..U.jU..h/..G...e.......4:.d....)..A[_~....}A....K......y/.W....t..3.....d.....B{....K....\..x'!.j.J.....:....b.........P...`.z..i...Pn......E.....x.c..8.O<.q..^......ooU.4 .?.....?.....G`.....IEND.B`.

                                          Chrome Cache Entry: 157

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x67, components 3
                                          Category:downloaded
                                          Size (bytes):1226
                                          Entropy (8bit):6.182953729187001
                                          Encrypted:false
                                          SSDEEP:24:7K1hpunQWwjx82lY2T32HEVZsVo8ZiyJ3VZkDw218GBAn2MM:sitNn2Vzsi8rJ3PuFa14
                                          MD5:06DD9EF3C5E01A9913FDD7C7F3F6917B
                                          SHA1:A122919C97777BA05405580DECC9CFA614347AC7
                                          SHA-256:EED9A76600A11346EF9F955DD19FC5F69888784E03A39D5B7DA0BFBD9CD72384
                                          SHA-512:B738DE47BEDD46ED0DA040D1F04CEFF131EC9C1D40C8AC82F85344548FB415A93568EFAE4DB2C59316B62AB94EEE8D2B411028E365FFB44997E28933E746E9FB
                                          Malicious:false
                                          URL:https://ukrnic.com/templates/ukrnic/images/head_bg.jpg
                                          Preview:......Exif..II*.................Ducky.......<.....)http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:93F324ADEABA11DFA689D2E71F9E059F" xmpMM:DocumentID="xmp.did:93F324AEEABA11DFA689D2E71F9E059F"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:93F324ABEABA11DFA689D2E71F9E059F" stRef:documentID="xmp.did:93F324ACEABA11DFA689D2E71F9E059F"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...................................................................................................................................

                                          Chrome Cache Entry: 158

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 50x67, components 3
                                          Category:dropped
                                          Size (bytes):2431
                                          Entropy (8bit):7.445085534154306
                                          Encrypted:false
                                          SSDEEP:48:sitNn2VaEDiJ389Q8GDPbqEft9MKpyynjRZR5QQgiOm4:l2YED59Q5bln171OL
                                          MD5:89890396FE4591B2875F0B0164FE9C22
                                          SHA1:2CB1CACE0E6116FE382FE828D1743ADCF9E6FC68
                                          SHA-256:2DCFF68F03953EA23F23FC5E8C37504FF96264DAB832E2371FB01B0C616E6ABC
                                          SHA-512:39156DE5474ED9C4F305AC98D41BBCE9E3851935F9FC4D867B5B37E8E46E8C695BC1B2F14BE2CD27879BD1CB9ADA5044E3F81D367EEB026E96E160410676C271
                                          Malicious:false
                                          Preview:......Exif..II*.................Ducky.......<.....)http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:496B1D45EAC011DFA8A38BE171313417" xmpMM:DocumentID="xmp.did:496B1D46EAC011DFA8A38BE171313417"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:496B1D43EAC011DFA8A38BE171313417" stRef:documentID="xmp.did:496B1D44EAC011DFA8A38BE171313417"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...................................................................................................................................

                                          Chrome Cache Entry: 159

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:assembler source, ISO-8859 text, with very long lines (314)
                                          Category:downloaded
                                          Size (bytes):22611
                                          Entropy (8bit):5.403021228493747
                                          Encrypted:false
                                          SSDEEP:384:Ea2j5UWULj9Po7/AT+GYkbN7xVBFdYKyy:Ea2j5UWUL5Po7lGYkbN7xVBFdYo
                                          MD5:28D49B344FCDCA1634B83AF97C0FA2D9
                                          SHA1:007E910D61014D8FDEE05A349DDBBC207132ECC2
                                          SHA-256:8E25D9DF1B8574FF7AE925B3E9B043CE3A69BD0F0F83AD942E7F009D9D6ED347
                                          SHA-512:78313DD0A83AE4185C19BBAFEDEE7AA25DB5F80B9480A7406C4AAE65B3CC04324A7F78DEABE68A26149D558CA5457C60D1E3556A4CD85FD39079AC8DFAF2D978
                                          Malicious:false
                                          URL:https://ukrnic.com/templates/ukrnic/css/user.css
                                          Preview:/* DEFAULT STYLES OF DATALIFE user */./* ....... ..... ........ .......*/..headline {.border: 0px solid #000000; .cursor: pointer; .text-align: center;.}..hidden {.display: none; .border: 0px solid #ff0000; .text-align: center; .margin-top: 2px;.}../* ==================== ..... ..... .. ......... */..form { ..padding-top: 0px;..padding-bottom: 0px;...padding-right: 0px; ..padding-left: 0px; ..margin: 0px;.}../* ==================== .............. ..... ........ AJAX */.#loading-layer {..display:none;..font-family: Verdana;font-size: 11px;..background:#000;padding:10px;..text-align:center;..border:1px solid #000;..color: #FFF;..border-radius: 5px;..-webkit-border-radius: 5px; . -moz-border-radius: 5px;.}../* ==================== ..... ...... */..archives {..margin-left: 0px;.}..archives a {..color: #43637e;.}../* ==================== ...... . ....... ..... */...title_quote {..color:#545454;..background-color:#FBCB3C;..border:1px dotted #bebebe; ..border-bottom: 0;..font-weight: bo

                                          Chrome Cache Entry: 160

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text
                                          Category:downloaded
                                          Size (bytes):3653
                                          Entropy (8bit):5.206042262538661
                                          Encrypted:false
                                          SSDEEP:96:CD0nc0Wu7WncMvOTOhs25CKbadAkRaVUvxV:q0nc0t7WncMvOam2lbadAkRaVUvxV
                                          MD5:60DD4A0324B6A778A81131C4DC6B2998
                                          SHA1:A723D940F991F781044A948E4F423331646BF70A
                                          SHA-256:266A3771EF39C4855333A8FF90D4A48D8C19F2DDB561CEB41A5A8AB4747304F8
                                          SHA-512:FB313685DF29C20B324C3A0A8CA3096664DC4ED2AB7283C515FAF4C03D5371BB49757D553C2868378F5EB3903E36EE61BBCB2A0A10533242E5E764DCC13CA5C6
                                          Malicious:false
                                          URL:https://get.mycounter.ua/counter2.0.js
                                          Preview:var my_flash,my_m,undef,my_id,my_width,my_height,my_alt,my_img;.var my_j=0,my_s,my_rr,my_tf,my_fs,my_blocked='*',my_dst;.var my_h='mycounter.ua/';..if (my_alt == undef) my_alt = 'MyCounter';.if (my_width == undef || my_height == undef || my_width == 0 || my_height == 0) {. my_width = undef;. my_height = undef;.}.if (my_id == undef) my_id = 0;.if (my_img == undef) my_img = '';.if (typeof(screen)!=typeof(undef)) my_s=screen;.var my_stats_url="https://"+my_h+"stats/?id="+my_id;.document.cookie="s=1;path=/";..// get JavaScript version.var my_tmp = '';.for (var i=0; i<=9; i++) {. my_tmp += '<scr'+'ipt lang'+'uage="JavaScr'+'ipt';. if (i) my_tmp += '1.'+i;. my_tmp += '">my_j='+i+';</scr'+'ipt>';.}.my_tmp += '<scr'+'ipt language="JavaScr'+'ipt"></script>';.document.write(my_tmp);..// get Shockwave Flash version.my_flash = getFlash();.// get GMT.my_gmt = getGMT();.my_rr = my_tf = my_fs = '';..try { if (parent!=window) my_rr = escape(parent.document.referrer); }.catch(e) { my_rr = my_block

                                          Chrome Cache Entry: 161

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 10x67, components 3
                                          Category:downloaded
                                          Size (bytes):1442
                                          Entropy (8bit):6.588806251073558
                                          Encrypted:false
                                          SSDEEP:24:7K1hpunQWwh82lYSgKG1EVrSNT3ZyJ3VZuewQG9k8TChF9dG8fpVnLHR0:sitvniNS0J3afQICj9dG8hhLHR0
                                          MD5:EC137A302D20479F74AD5563B9420EA2
                                          SHA1:6DE30579E0D78D788BC0379EA0A4BF0D8EB3B7DE
                                          SHA-256:34639447E85C4F2375F4D38B62639E5B6AACEBDCE4076884062A188E9D1F4D03
                                          SHA-512:9AC8446284B3B4DE24FA0130A38AD1507DB9FBF117442C2DD62BC4F770C17F4E16BD5C2E54E3691B8A20B04B9BF02C5D548FFC99512596FD90A1A4D1C3520213
                                          Malicious:false
                                          URL:https://ukrnic.com/templates/ukrnic/images/foot_r.jpg
                                          Preview:......Exif..II*.................Ducky.......<.....)http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:BF3685AAECCE11DFB8A5E10FA058F6DC" xmpMM:InstanceID="xmp.iid:BF3685A9ECCE11DFB8A5E10FA058F6DC" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:496B1D45EAC011DFA8A38BE171313417" stRef:documentID="xmp.did:496B1D46EAC011DFA8A38BE171313417"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...................................................................................................................................

                                          Chrome Cache Entry: 162

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines (32065)
                                          Category:downloaded
                                          Size (bytes):85578
                                          Entropy (8bit):5.366055229017455
                                          Encrypted:false
                                          SSDEEP:1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
                                          MD5:2F6B11A7E914718E0290410E85366FE9
                                          SHA1:69BB69E25CA7D5EF0935317584E6153F3FD9A88C
                                          SHA-256:05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
                                          SHA-512:0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
                                          Malicious:false
                                          URL:https://ukrnic.com/user/classes/js/jquery.js?v=0d74b
                                          Preview:/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

                                          Chrome Cache Entry: 163

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                                          Category:dropped
                                          Size (bytes):894
                                          Entropy (8bit):1.855659497615512
                                          Encrypted:false
                                          SSDEEP:12:t46SNwX1SoXwI+3SowASoNSQ+G1SoXww1SoXASZa945PQqF:tKjqRxRTgZ/pQqF
                                          MD5:38F74ECB47124291E75A405B86C867EE
                                          SHA1:E929FB7E3F9D9CBA8DADCE8063B35B8F076F1EAC
                                          SHA-256:2B181664B62C94CCAE13EED7F2E9E8BD10921D295D452CCFB364E7F999553A03
                                          SHA-512:FE6E6DE5164C7D59904F1B777DC9CE875FEC0514D843CBCA479FAA73252074790A53C87F748F138EB711D85E66634EA17E6D4E5FF993F990C828C27DFCD5728A
                                          Malicious:false
                                          Preview:..............h.......(....... .........................................................................................................................................................................................................................................................................................................................................................................................................................................%..%..%........%...........%.....%........%..%...........%.....%........%........%.....%.....%...........%.....%.....%...........%..%........%...........%.....%..%..............%..%..%.....%...........%.....%.....%...........%........%..%...........%.....%........%........%........%..%...........%.....%...........%.....%..%..%.....}a..y^..u_..m_..]_..=^..}a..............u...us..t...uv..u...u...

                                          Chrome Cache Entry: 164

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                                          Category:downloaded
                                          Size (bytes):894
                                          Entropy (8bit):1.855659497615512
                                          Encrypted:false
                                          SSDEEP:12:t46SNwX1SoXwI+3SowASoNSQ+G1SoXww1SoXASZa945PQqF:tKjqRxRTgZ/pQqF
                                          MD5:38F74ECB47124291E75A405B86C867EE
                                          SHA1:E929FB7E3F9D9CBA8DADCE8063B35B8F076F1EAC
                                          SHA-256:2B181664B62C94CCAE13EED7F2E9E8BD10921D295D452CCFB364E7F999553A03
                                          SHA-512:FE6E6DE5164C7D59904F1B777DC9CE875FEC0514D843CBCA479FAA73252074790A53C87F748F138EB711D85E66634EA17E6D4E5FF993F990C828C27DFCD5728A
                                          Malicious:false
                                          URL:https://ukrnic.com/favicon.ico
                                          Preview:..............h.......(....... .........................................................................................................................................................................................................................................................................................................................................................................................................................................%..%..%........%...........%.....%........%..%...........%.....%........%........%.....%.....%...........%.....%.....%...........%..%........%...........%.....%..%..............%..%..%.....%...........%.....%.....%...........%........%..%...........%.....%........%........%........%..%...........%.....%...........%.....%..%..%.....}a..y^..u_..m_..]_..=^..}a..............u...us..t...uv..u...u...

                                          Chrome Cache Entry: 165

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines (32065)
                                          Category:dropped
                                          Size (bytes):85578
                                          Entropy (8bit):5.366055229017455
                                          Encrypted:false
                                          SSDEEP:1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
                                          MD5:2F6B11A7E914718E0290410E85366FE9
                                          SHA1:69BB69E25CA7D5EF0935317584E6153F3FD9A88C
                                          SHA-256:05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
                                          SHA-512:0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
                                          Malicious:false
                                          Preview:/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

                                          Chrome Cache Entry: 166

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 200 x 27, 8-bit/color RGBA, non-interlaced
                                          Category:downloaded
                                          Size (bytes):8222
                                          Entropy (8bit):7.96775875318015
                                          Encrypted:false
                                          SSDEEP:192:wdoQY1WM2oEVMnMPUaPQLfoVFaDgSBLJE9sTN66ACj80i8O:wds1WXQ/LfovaDgSjE9P6ACj8B
                                          MD5:30A439AAF904C3E77F9A0A72D6E7398D
                                          SHA1:82695E64F0F73C1134EF77C262648C5F8E97929B
                                          SHA-256:4B0413E203671CA15E3337FBF04859E64015CBE08A3C013D9432EAF607A72CFD
                                          SHA-512:58C55B8C1217BBF3DF296F20664F7FA96E02ED34C19D4B9AC0DA03D7421D6628E6E9C3B0CA3304E717209C1CB7D2F999B5312482983354942D265CDDE6E79199
                                          Malicious:false
                                          URL:https://ukrnic.com/templates/ukrnic/images/liqpay6.png
                                          Preview:.PNG........IHDR.............9.......sRGB.........gAMA......a.....pHYs..........+......IDATx^.\w`...=....@BB @..B.".iJ..D.+.O......., ."..^.!.P.z.i...{............p`......of/Z5......./GYB..N.D^` .......R.+.qt.....cG.u..]33u.]P...]."..)..Lu.....f...y....M......y..*....s....,A...b...>S]...........<......f.X..@ .W .'*..u.....F.....s.....Io^..O....k...G....W._=&m........c2....9p.....V....4...h...O..\...I....i6...w...P.?.e.02...o......)h.H....?..9..g#..)...xP..(...gzC/2..3C<..J.<.4&...).5.......P\Z._w.`.StT.l........2.:..o.A...#G.Fbb)e...Lu.v]/4qk..f....06.!....+Zx[)..<p..V....LTV.m&+.._7.......P...fH6f}......~.v5.K.3.?.g...k.GqH.BF.FeD...y..1..#.B.0.H..2#Q)z4.../f...L8.A...<Q..(.3K0z.Q....[..d.c...........^..hI.H...1kN.|...*++.g...|.....4.-}akk.9./..........J..H........ic......{}.1..S.f.U..W..j.XX...v...T...DD......8.Q!B.'S.<..Kr..xL.I...%.O<.c.`.I%K..y........g`fh..}su......7SN.X....m..Q.A...0.y2z......id..F5.....ZZwg.e........$.2..m..8TTi..-.

                                          Chrome Cache Entry: 167

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 289 x 66, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):10642
                                          Entropy (8bit):7.954113254251009
                                          Encrypted:false
                                          SSDEEP:192:AEv+2QMpaz3/JNKNx5gNJp9rVxkFu0HSBJQCpKqheL+++9FKLI4:AE/ar/2NxqNHaFu0/4Uc4
                                          MD5:D3880CB8F6376272AFD3AB13DD172E40
                                          SHA1:A58A22971331D9FC4F7DE43AC512311DD4D41CC4
                                          SHA-256:501B6FDAE18E5CE15B2CBB19C39A988E9598B440677D65611DC7C1AEFD043DA2
                                          SHA-512:867213B690293D7DBC67AA693588753F168582FBC4F7A60ED4B23180E6A8868D17C57BFF8C8885A016A6053316066712DEF784B18F8B12E182BBC514698B1349
                                          Malicious:false
                                          Preview:.PNG........IHDR...!...B.......`[....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:E38520ADEAB911DF94D3F3E15722AA85" xmpMM:DocumentID="xmp.did:E38520AEEAB911DF94D3F3E15722AA85"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E38520ABEAB911DF94D3F3E15722AA85" stRef:documentID="xmp.did:E38520ACEAB911DF94D3F3E15722AA85"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.._...&.IDATx..].|.E....L.r...@..9D..\.,H.u=@.Xd...).V.Ey..K..'.AEXDV.y,,..O.Q..! W......I..W_u..g..LB&.H.?..}VU......

                                          Chrome Cache Entry: 168

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 6x67, components 3
                                          Category:dropped
                                          Size (bytes):1339
                                          Entropy (8bit):6.450737433708996
                                          Encrypted:false
                                          SSDEEP:24:7K1hpunQWwjx82lY2T32HEVrSKKcyJ3VZHK0UmlG+OhOLHyp6cPGCh:sitNn2VgJ3GEChOLyp6cP5
                                          MD5:0324663849AD24E87F11AC1D6516320F
                                          SHA1:37CEAFDAC709E5818089BA53787C9B517C36A67C
                                          SHA-256:20B89C628474D9E755331C942445AE271E7664855B4CF6F263D8B2105B124A57
                                          SHA-512:EC696DC3FE375AC76ADCB89CB36B52B23DB092C24559A8130DB6F7CB218E90C081D25C12D581C66A4B247CF1FE313C42C39AD37D9DCB6A00170BF9C63E468F37
                                          Malicious:false
                                          Preview:......Exif..II*.................Ducky.......<.....)http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:B38CAF87EABA11DF9EC5AC1C3F361E6E" xmpMM:DocumentID="xmp.did:B38CAF88EABA11DF9EC5AC1C3F361E6E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B38CAF85EABA11DF9EC5AC1C3F361E6E" stRef:documentID="xmp.did:B38CAF86EABA11DF9EC5AC1C3F361E6E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...................................................................................................................................

                                          Chrome Cache Entry: 169

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 200 x 27, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):8222
                                          Entropy (8bit):7.96775875318015
                                          Encrypted:false
                                          SSDEEP:192:wdoQY1WM2oEVMnMPUaPQLfoVFaDgSBLJE9sTN66ACj80i8O:wds1WXQ/LfovaDgSjE9P6ACj8B
                                          MD5:30A439AAF904C3E77F9A0A72D6E7398D
                                          SHA1:82695E64F0F73C1134EF77C262648C5F8E97929B
                                          SHA-256:4B0413E203671CA15E3337FBF04859E64015CBE08A3C013D9432EAF607A72CFD
                                          SHA-512:58C55B8C1217BBF3DF296F20664F7FA96E02ED34C19D4B9AC0DA03D7421D6628E6E9C3B0CA3304E717209C1CB7D2F999B5312482983354942D265CDDE6E79199
                                          Malicious:false
                                          Preview:.PNG........IHDR.............9.......sRGB.........gAMA......a.....pHYs..........+......IDATx^.\w`...=....@BB @..B.".iJ..D.+.O......., ."..^.!.P.z.i...{............p`......of/Z5......./GYB..N.D^` .......R.+.qt.....cG.u..]33u.]P...]."..)..Lu.....f...y....M......y..*....s....,A...b...>S]...........<......f.X..@ .W .'*..u.....F.....s.....Io^..O....k...G....W._=&m........c2....9p.....V....4...h...O..\...I....i6...w...P.?.e.02...o......)h.H....?..9..g#..)...xP..(...gzC/2..3C<..J.<.4&...).5.......P\Z._w.`.StT.l........2.:..o.A...#G.Fbb)e...Lu.v]/4qk..f....06.!....+Zx[)..<p..V....LTV.m&+.._7.......P...fH6f}......~.v5.K.3.?.g...k.GqH.BF.FeD...y..1..#.B.0.H..2#Q)z4.../f...L8.A...<Q..(.3K0z.Q....[..d.c...........^..hI.H...1kN.|...*++.g...|.....4.-}akk.9./..........J..H........ic......{}.1..S.f.U..W..j.XX...v...T...DD......8.Q!B.'S.<..Kr..xL.I...%.O<.c.`.I%K..y........g`fh..}su......7SN.X....m..Q.A...0.y2z......id..F5.....ZZwg.e........$.2..m..8TTi..-.

                                          Chrome Cache Entry: 170

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 50x67, components 3
                                          Category:downloaded
                                          Size (bytes):2431
                                          Entropy (8bit):7.445085534154306
                                          Encrypted:false
                                          SSDEEP:48:sitNn2VaEDiJ389Q8GDPbqEft9MKpyynjRZR5QQgiOm4:l2YED59Q5bln171OL
                                          MD5:89890396FE4591B2875F0B0164FE9C22
                                          SHA1:2CB1CACE0E6116FE382FE828D1743ADCF9E6FC68
                                          SHA-256:2DCFF68F03953EA23F23FC5E8C37504FF96264DAB832E2371FB01B0C616E6ABC
                                          SHA-512:39156DE5474ED9C4F305AC98D41BBCE9E3851935F9FC4D867B5B37E8E46E8C695BC1B2F14BE2CD27879BD1CB9ADA5044E3F81D367EEB026E96E160410676C271
                                          Malicious:false
                                          URL:https://ukrnic.com/templates/ukrnic/images/head_r.jpg
                                          Preview:......Exif..II*.................Ducky.......<.....)http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:496B1D45EAC011DFA8A38BE171313417" xmpMM:DocumentID="xmp.did:496B1D46EAC011DFA8A38BE171313417"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:496B1D43EAC011DFA8A38BE171313417" stRef:documentID="xmp.did:496B1D44EAC011DFA8A38BE171313417"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...................................................................................................................................

                                          Chrome Cache Entry: 171

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines (18446)
                                          Category:dropped
                                          Size (bytes):96190
                                          Entropy (8bit):5.204592287727612
                                          Encrypted:false
                                          SSDEEP:1536:m05y+RkV1zWQGPe2Yw3kub7wwxFLn0IR0HoKcu3RiiHf3ma8yAJYMye:S+jTi2u3EiHf3ma0Jrye
                                          MD5:0595E298FE7D89DBA01F17568493A734
                                          SHA1:B2099FDD5B5D744FBB5DE8B3F0618C522F4CE44D
                                          SHA-256:54A82CB12E6E213C3B94FB1674617997E730F8FB5A44237800881DC439814C1C
                                          SHA-512:23BFEB927C1385C28198E97EE4A54C898CD77349BBF93F3AF43223F2EE2B4C162E65C5648EEF3CC1FB456D5029ED4B52CE7C1AA14F3B92C4E60B5FDC42F6537C
                                          Malicious:false
                                          Preview:/*! jQuery UI - v1.9.2 - 2012-11-23.* http://jqueryui.com.* Includes: jquery.ui.core.js.* Copyright 2012 jQuery Foundation and other contributors; Licensed MIT */.(function(e,t){function i(t,n){var r,i,o,u=t.nodeName.toLowerCase();return"area"===u?(r=t.parentNode,i=r.name,!t.href||!i||r.nodeName.toLowerCase()!=="map"?!1:(o=e("img[usemap=#"+i+"]")[0],!!o&&s(o))):(/input|select|textarea|button|object/.test(u)?!t.disabled:"a"===u?t.href||n:n)&&s(t)}function s(t){return e.expr.filters.visible(t)&&!e(t).parents().andSelf().filter(function(){return e.css(this,"visibility")==="hidden"}).length}var n=0,r=/^ui-id-\d+$/;e.ui=e.ui||{};if(e.ui.version)return;e.extend(e.ui,{version:"1.9.2",keyCode:{BACKSPACE:8,COMMA:188,DELETE:46,DOWN:40,END:35,ENTER:13,ESCAPE:27,HOME:36,LEFT:37,NUMPAD_ADD:107,NUMPAD_DECIMAL:110,NUMPAD_DIVIDE:111,NUMPAD_ENTER:108,NUMPAD_MULTIPLY:106,NUMPAD_SUBTRACT:109,PAGE_DOWN:34,PAGE_UP:33,PERIOD:190,RIGHT:39,SPACE:32,TAB:9,UP:38}}),e.fn.extend({_focus:e.fn.focus,focus:function(

                                          Chrome Cache Entry: 172

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 289 x 66, 8-bit/color RGBA, non-interlaced
                                          Category:downloaded
                                          Size (bytes):10642
                                          Entropy (8bit):7.954113254251009
                                          Encrypted:false
                                          SSDEEP:192:AEv+2QMpaz3/JNKNx5gNJp9rVxkFu0HSBJQCpKqheL+++9FKLI4:AE/ar/2NxqNHaFu0/4Uc4
                                          MD5:D3880CB8F6376272AFD3AB13DD172E40
                                          SHA1:A58A22971331D9FC4F7DE43AC512311DD4D41CC4
                                          SHA-256:501B6FDAE18E5CE15B2CBB19C39A988E9598B440677D65611DC7C1AEFD043DA2
                                          SHA-512:867213B690293D7DBC67AA693588753F168582FBC4F7A60ED4B23180E6A8868D17C57BFF8C8885A016A6053316066712DEF784B18F8B12E182BBC514698B1349
                                          Malicious:false
                                          URL:https://ukrnic.com/templates/ukrnic/images/logo.png
                                          Preview:.PNG........IHDR...!...B.......`[....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:E38520ADEAB911DF94D3F3E15722AA85" xmpMM:DocumentID="xmp.did:E38520AEEAB911DF94D3F3E15722AA85"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E38520ABEAB911DF94D3F3E15722AA85" stRef:documentID="xmp.did:E38520ACEAB911DF94D3F3E15722AA85"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.._...&.IDATx..].|.E....L.r...@..9D..\.,H.u=@.Xd...).V.Ey..K..'.AEXDV.y,,..O.Q..! W......I..W_u..g..LB&.H.?..}VU......

                                          Chrome Cache Entry: 173

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 10x67, components 3
                                          Category:dropped
                                          Size (bytes):1442
                                          Entropy (8bit):6.588806251073558
                                          Encrypted:false
                                          SSDEEP:24:7K1hpunQWwh82lYSgKG1EVrSNT3ZyJ3VZuewQG9k8TChF9dG8fpVnLHR0:sitvniNS0J3afQICj9dG8hhLHR0
                                          MD5:EC137A302D20479F74AD5563B9420EA2
                                          SHA1:6DE30579E0D78D788BC0379EA0A4BF0D8EB3B7DE
                                          SHA-256:34639447E85C4F2375F4D38B62639E5B6AACEBDCE4076884062A188E9D1F4D03
                                          SHA-512:9AC8446284B3B4DE24FA0130A38AD1507DB9FBF117442C2DD62BC4F770C17F4E16BD5C2E54E3691B8A20B04B9BF02C5D548FFC99512596FD90A1A4D1C3520213
                                          Malicious:false
                                          Preview:......Exif..II*.................Ducky.......<.....)http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:BF3685AAECCE11DFB8A5E10FA058F6DC" xmpMM:InstanceID="xmp.iid:BF3685A9ECCE11DFB8A5E10FA058F6DC" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:496B1D45EAC011DFA8A38BE171313417" stRef:documentID="xmp.did:496B1D46EAC011DFA8A38BE171313417"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...................................................................................................................................

                                          Chrome Cache Entry: 174

                                          Download File
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 88 x 51, 8-bit colormap, non-interlaced
                                          Category:dropped
                                          Size (bytes):834
                                          Entropy (8bit):7.644263095582123
                                          Encrypted:false
                                          SSDEEP:24:HFLYpGNcQApnHu6hL4gdCU4tilUF1sShFgE:lLYwpgOsCUgilUsSl
                                          MD5:7CE87098ECD36FFBA933108D93A1801F
                                          SHA1:E07AD8D7310ECCB82AB6391E8A4E7D11EF11A27F
                                          SHA-256:7B7090DE94AB13E86191FA2CBC3A259A7605129801A1F65B8E9F1DE6885606DC
                                          SHA-512:91647390C8A95E28516EAAFE0B0D9D47A1A919D98D385FFF2DAC9FE4A343AF6D5DB508792D9185BA708C1ED4B984C2456D7AD349F00CAFCAC02134B309F0575C
                                          Malicious:false
                                          Preview:.PNG........IHDR...X...3.....$x?....ZPLTE...)R.R..Z..c..c..k..s..{................{....s..k..c....R..J..B..9..1..!.................K6....pHYs..........+......IDATXG.mw.0...4PX].......s'.!.."...FL..r3S.p..>Uc....F,./.>...D.F1.....3.f|D.[V.Q..>..w6....>.,.y.)...b.E........X&.Alh..A..6..gz..>.S.5b....N.<.`..l^5.-x....<.C...\.t.:.f).Jw.q.k...X..wE.E...E.N..J...b.[.o.....rD.J$..._.~...X%...z.l5.K.*....G.~...Y.Z.qP.DA(UM...i*.....,o...X.7..}S..R.n......).....~J.>.......C=.+......:v...%\.......A.n..-R.....O.p.#.hAO.{G...@..Z.,&:....UaJ.....:..Q.y..su.M..7..k.w..R.}...R..8.>.X.....]....C.gd.G*...T.%..U.jU..h/..G...e.......4:.d....)..A[_~....}A....K......y/.W....t..3.....d.....B{....K....\..x'!.j.J.....:....b.........P...`.z..i...Pn......E.....x.c..8.O<.q..^......ooU.4 .?.....?.....G`.....IEND.B`.

                                          Static File Info

                                          General

                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Entropy (8bit):5.909145739050385
                                          TrID:
                                          • Win32 Executable (generic) a (10002005/4) 98.62%
                                          • ASPack compressed Win32 Executable (generic) (133821/79) 1.32%
                                          • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                          • DOS Executable Generic (2002/1) 0.02%
                                          File name:izCOFC8OWh.exe
                                          File size:88'557 bytes
                                          MD5:d7326ecb2bda34ba1dc81c821e6f32af
                                          SHA1:59362f6d162758adf219397bcc11c80ad0ca8fc3
                                          SHA256:8513d85822ec820592542026eca0fd8b71cacf15e2d9d3c8a6d564c7899dcf90
                                          SHA512:a890f077adc904be818f9a17148ee8abb2258654824d27e21d84e5e7862087639881642afe094bfd3d1968d4786f8d24035d72ed785173fc3c91bad9438b0e7d
                                          SSDEEP:1536:NJVxqmQSMvEhyEwhND3ugqqM/D2XkQ5XRBMtxjMSmX:NzftMvLdnD3ZFK2XL57MtxNu
                                          TLSH:48837D13F6D0C836E0605EF88C299584AA6B7A722D3A44567BED0F0F9E68393CC5D247
                                          File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                          File Icon

                                          Icon Hash:00928e8e8686b000

                                          Static PE Info

                                          General

                                          Entrypoint:0x40d3f8
                                          Entrypoint Section:CODE
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                          DLL Characteristics:
                                          Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:568f857a51133658be49d01e79865581

                                          Entrypoint Preview

                                          Instruction
                                          push ebp
                                          mov ebp, esp
                                          mov ecx, 00000007h
                                          push 00000000h
                                          push 00000000h
                                          dec ecx
                                          jne 00007F2320BA4F6Bh
                                          push ebx
                                          push esi
                                          push edi
                                          mov eax, 0040D3A8h
                                          call 00007F2320B9D3F5h
                                          xor eax, eax
                                          push ebp
                                          push 0040D665h
                                          push dword ptr fs:[eax]
                                          mov dword ptr fs:[eax], esp
                                          call 00007F2320BA32A2h
                                          call 00007F2320BA35A9h
                                          sub eax, 01h
                                          jc 00007F2320BA4F84h
                                          je 00007F2320BA5038h
                                          dec eax
                                          je 00007F2320BA504Dh
                                          jmp 00007F2320BA517Ch
                                          push 00000000h
                                          lea eax, dword ptr [ebp-14h]
                                          mov ecx, dword ptr [0040F7F0h]
                                          mov edx, dword ptr [0040F7E4h]
                                          call 00007F2320B9BFF0h
                                          mov eax, dword ptr [ebp-14h]
                                          call 00007F2320B9C19Ch
                                          push eax
                                          mov eax, dword ptr [0040F7FCh]
                                          call 00007F2320B9C191h
                                          push eax
                                          call 00007F2320B9D453h
                                          test eax, eax
                                          je 00007F2320BA4FD6h
                                          xor eax, eax
                                          push ebp
                                          push 0040D4AAh
                                          push dword ptr fs:[eax]
                                          mov dword ptr fs:[eax], esp
                                          lea eax, dword ptr [ebp-18h]
                                          mov ecx, dword ptr [0040F7F0h]
                                          mov edx, dword ptr [0040F7E4h]
                                          call 00007F2320B9BFB1h
                                          mov eax, dword ptr [ebp-18h]
                                          call 00007F2320BA2199h
                                          xor eax, eax
                                          pop edx
                                          pop ecx
                                          pop ecx
                                          mov dword ptr fs:[eax], edx
                                          jmp 00007F2320BA4F7Ch
                                          jmp 00007F2320B9B5CAh
                                          call 00007F2320B9B7A5h
                                          push 00000000h
                                          lea eax, dword ptr [ebp-1Ch]
                                          mov ecx, dword ptr [0040F7F0h]

                                          Data Directories

                                          NameVirtual AddressVirtual Size Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x100000xa0.idata
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x140000x1400.rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_TLS0x16f3c0x18.aspack
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x100000

                                          Sections

                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                          CODE0x10000xd0000xd0001d7e639754f0d4dd0d758814c07c7c30False0.5449030949519231data6.341398593785762IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          DATA0xe0000x10000x1000ba5742996b253f5b40172a689f0baa04False0.169189453125data1.8756338810122581IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          BSS0xf0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          .idata0x100000x10000x1000c82cdd516fea9052cede1512d37379f8False0.237060546875data3.1322699702118446IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          .tls0x110000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          .rdata0x120000x10000x200214a209aa2c527f89ad12222527bb103False0.05078125MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "A"0.20544562813451883IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          .reloc0x130000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          .rsrc0x140000x20000x2000dabccab5482c1b2c842f00e943a8d5a6False0.149658203125data1.7343004441507188IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          .aspack0x160000x20000x1800bb4520d55af20f7751916638ee7c5b26False0.5608723958333334data5.735754218820344IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          .adata0x180000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                          Resources

                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                          RT_STRING0x142480xf0data0.4666666666666667
                                          RT_STRING0x143380xd8data0.5740740740740741
                                          RT_STRING0x144100x260data0.4457236842105263
                                          RT_STRING0x146700x37cdata0.4080717488789238
                                          RT_STRING0x149ec0x2a0data0.4017857142857143
                                          RT_RCDATA0x14c8c0x10data1.5
                                          RT_RCDATA0x14c9c0x6cdata0.9907407407407407
                                          RT_VERSION0x173a40x2b8COM executable for DOSRomanianRomania0.46551724137931033
                                          RT_MANIFEST0x170b80x2e9XML 1.0 document, ASCII text, with CRLF line terminators0.487248322147651

                                          Imports

                                          DLLImport
                                          kernel32.dllDeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, WideCharToMultiByte, SetCurrentDirectoryA, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
                                          user32.dllGetKeyboardType, LoadStringA, MessageBoxA, CharNextA
                                          advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegCloseKey
                                          oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
                                          kernel32.dllTlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
                                          kernel32.dllWriteFile, WinExec, VirtualQuery, Sleep, SetCurrentDirectoryA, MoveFileA, LoadLibraryA, GetVersionExA, GetThreadLocale, GetStringTypeExA, GetStdHandle, GetShortPathNameA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetFileAttributesA, GetEnvironmentVariableA, GetDiskFreeSpaceA, GetCPInfo, GetACP, FreeLibrary, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, DeleteFileA, CreateDirectoryA, CopyFileA, CloseHandle
                                          user32.dllMessageBoxA, LoadStringA, GetSystemMetrics, CharNextA, CharToOemA

                                          Possible Origin

                                          Language of compilation systemCountry where language is spokenMap
                                          RomanianRomania

                                          Network Behavior

                                          Network Port Distribution

                                          TCP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Dec 5, 2024 18:04:22.175302982 CET4979980192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:22.175934076 CET4980080192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:22.295141935 CET804979991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:22.295629025 CET804980091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:22.295672894 CET4979980192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:22.295708895 CET4980080192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:22.496561050 CET4980180192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:22.497189045 CET4980080192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:22.616594076 CET804980191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:22.616811037 CET4980180192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:22.616996050 CET804980091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:23.711318970 CET804980091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:23.856945992 CET4980080192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:23.865045071 CET49808443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:23.865071058 CET4434980891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:23.865222931 CET49808443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:23.865417004 CET49808443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:23.865432024 CET4434980891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:23.953100920 CET804980091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:24.046948910 CET4980080192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:25.752525091 CET4434980891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:25.776819944 CET49808443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:25.776849985 CET4434980891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:25.778083086 CET4434980891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:25.778203964 CET49808443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:25.785067081 CET49808443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:25.785197020 CET4434980891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:25.785279989 CET49808443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:25.785289049 CET4434980891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:25.922030926 CET49808443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:25.965919018 CET49816443192.168.2.6142.250.181.68
                                          Dec 5, 2024 18:04:25.965975046 CET44349816142.250.181.68192.168.2.6
                                          Dec 5, 2024 18:04:25.966047049 CET49816443192.168.2.6142.250.181.68
                                          Dec 5, 2024 18:04:25.966264963 CET49816443192.168.2.6142.250.181.68
                                          Dec 5, 2024 18:04:25.966280937 CET44349816142.250.181.68192.168.2.6
                                          Dec 5, 2024 18:04:26.343247890 CET4434980891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:26.343280077 CET4434980891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:26.343291998 CET4434980891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:26.343391895 CET49808443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:26.343422890 CET4434980891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:26.343508005 CET49808443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:26.349966049 CET4434980891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:26.350080013 CET4434980891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:26.350126028 CET49808443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:26.350604057 CET49808443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:26.350626945 CET4434980891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:26.405369997 CET49817443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:26.405426979 CET4434981791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:26.405499935 CET49817443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:26.405881882 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:26.405920029 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:26.406086922 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:26.406399965 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:26.406423092 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:26.406646013 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:26.406761885 CET49820443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:26.406795979 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:26.406850100 CET49820443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:26.407150030 CET49817443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:26.407169104 CET4434981791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:26.407320023 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:26.407341003 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:26.407413960 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:26.407428026 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:26.407541990 CET49820443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:26.407561064 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.798296928 CET44349816142.250.181.68192.168.2.6
                                          Dec 5, 2024 18:04:27.845330000 CET49816443192.168.2.6142.250.181.68
                                          Dec 5, 2024 18:04:27.845376968 CET44349816142.250.181.68192.168.2.6
                                          Dec 5, 2024 18:04:27.846573114 CET44349816142.250.181.68192.168.2.6
                                          Dec 5, 2024 18:04:27.846636057 CET49816443192.168.2.6142.250.181.68
                                          Dec 5, 2024 18:04:27.852626085 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.852797985 CET4434981791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.852797031 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.855720043 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.858905077 CET49820443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:27.858916044 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.859098911 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:27.859106064 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.859329939 CET49817443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:27.859335899 CET4434981791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.859496117 CET49816443192.168.2.6142.250.181.68
                                          Dec 5, 2024 18:04:27.859621048 CET44349816142.250.181.68192.168.2.6
                                          Dec 5, 2024 18:04:27.859690905 CET4434981791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.859961033 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.860013008 CET49820443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:27.860083103 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:27.860094070 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.860207081 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.860264063 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:27.860411882 CET49817443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:27.860440969 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.860466003 CET4434981791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.861198902 CET49820443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:27.861248970 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.861624002 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:27.861675978 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.862438917 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:27.862502098 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.862741947 CET49817443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:27.862831116 CET49820443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:27.862837076 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.862880945 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:27.862885952 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.863028049 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:27.903325081 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.903325081 CET4434981791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:27.951858997 CET49816443192.168.2.6142.250.181.68
                                          Dec 5, 2024 18:04:27.951884985 CET44349816142.250.181.68192.168.2.6
                                          Dec 5, 2024 18:04:27.951919079 CET49820443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:27.951920986 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.156636000 CET49816443192.168.2.6142.250.181.68
                                          Dec 5, 2024 18:04:28.445900917 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.445930958 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.445940018 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.445969105 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.446043015 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.446043968 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.446060896 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.447457075 CET4434981791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.447482109 CET4434981791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.447540045 CET49817443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.447547913 CET4434981791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.450810909 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.450880051 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.450901985 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.450923920 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.450936079 CET49820443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.450947046 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.450978994 CET49820443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.455288887 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.455363035 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.455430984 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.455441952 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.540296078 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.558489084 CET49820443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.558491945 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.558491945 CET49817443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.558511019 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.635669947 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.635695934 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.635721922 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.635737896 CET49820443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.635750055 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.635793924 CET49820443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.636233091 CET4434981791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.636248112 CET4434981791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.636270046 CET4434981791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.636302948 CET49817443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.636349916 CET49817443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.636915922 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.636929989 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.636955023 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.636986971 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.637011051 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.640364885 CET4434981791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.640441895 CET49817443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.640448093 CET4434981791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.640491962 CET49817443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.641422987 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.641453028 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.641489029 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.641490936 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.641526937 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.641552925 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.656464100 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.656485081 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.656517029 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.656673908 CET49820443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.656673908 CET49820443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.656706095 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.656727076 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.656781912 CET49820443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.662439108 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.662466049 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.662580967 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.664870024 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.664882898 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.664926052 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.664985895 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.665011883 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.676820040 CET49817443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.676853895 CET4434981791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.677223921 CET49820443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.677237988 CET4434982091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.690053940 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.690064907 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.690098047 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.690146923 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.690208912 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.692054033 CET49828443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.692106962 CET4434982891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.692487001 CET49829443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.692527056 CET4434982991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.692531109 CET49828443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.692826986 CET49828443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.692843914 CET4434982891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.692862034 CET49829443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.693447113 CET49829443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.693464994 CET4434982991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.695271015 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.695287943 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.695362091 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.715420008 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.715435028 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.715487003 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.715583086 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.715745926 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.723098040 CET804980091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.723205090 CET4980080192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.743515968 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.743530035 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.743609905 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.836611986 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.836630106 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.836776018 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.849134922 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.849226952 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.851322889 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.851331949 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.851399899 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.870168924 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.870181084 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.870243073 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.873550892 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.873625994 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.884680986 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.884691954 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.884762049 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.891796112 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.891887903 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.899204969 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.899285078 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.907968044 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.908085108 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.913100958 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.913194895 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.913203955 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.913249016 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.913769007 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.913796902 CET4434981991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.913808107 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.913845062 CET49819443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.918956995 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.919047117 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.946526051 CET4980080192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.947073936 CET49831443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.947143078 CET4434983191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.947247028 CET49831443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.948069096 CET49832443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.948101044 CET4434983291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.948252916 CET49832443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.950618982 CET49833443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.950659037 CET4434983391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.950797081 CET49833443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.951154947 CET49831443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.951181889 CET4434983191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.951745033 CET49832443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.951765060 CET4434983291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.952074051 CET49833443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:28.952095032 CET4434983391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.952449083 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:28.952547073 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:29.029865026 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:29.029989958 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:29.030051947 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:29.030051947 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:29.043766975 CET49818443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:29.043786049 CET4434981891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:29.044444084 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:29.044491053 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:29.044648886 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:29.046782017 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:29.046798944 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:29.066864967 CET804980091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:29.130575895 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:29.130630016 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:29.130790949 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:29.130979061 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:29.131051064 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:29.131172895 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:29.131442070 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:29.131458998 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:29.131616116 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:29.131628036 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:29.709364891 CET49839443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:29.709444046 CET4434983962.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:29.709523916 CET49839443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:29.709743977 CET49839443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:29.709755898 CET4434983962.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:30.133089066 CET4434982991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.136248112 CET4434982891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.142797947 CET49828443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.142819881 CET4434982891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.143028975 CET49829443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.143049955 CET4434982991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.143379927 CET4434982891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.143511057 CET4434982991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.143943071 CET49828443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.144022942 CET4434982891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.144211054 CET49828443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.144469023 CET49829443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.144565105 CET4434982991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.144635916 CET49829443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.187341928 CET4434982891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.191328049 CET4434982991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.401201963 CET4434983191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.405055046 CET4434983391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.405302048 CET4434983291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.495218039 CET49831443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.495253086 CET4434983191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.495512009 CET49832443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.495522976 CET4434983291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.496469021 CET4434983191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.496485949 CET4434983191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.496536016 CET49831443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.496686935 CET4434983291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.496706009 CET4434983291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.496771097 CET49832443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.497539043 CET49832443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.497608900 CET4434983291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.497864962 CET49833443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.497879028 CET4434983391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.498172998 CET49831443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.498238087 CET4434983191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.498282909 CET49832443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.498291016 CET4434983291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.498363018 CET49831443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.498369932 CET4434983191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.499012947 CET4434983391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.499030113 CET4434983391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.499070883 CET49833443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.504091978 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.505834103 CET49833443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.505930901 CET4434983391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.506324053 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.506331921 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.506967068 CET49833443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.506973028 CET4434983391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.516318083 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.516390085 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.517353058 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.518173933 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.518179893 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.519447088 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.556113005 CET49833443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.560142994 CET49831443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.560195923 CET49832443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.590747118 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.590989113 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.591007948 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.591259003 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.591953993 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.591984987 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.592314005 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.592367887 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.592713118 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.592873096 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.593311071 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.593365908 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.593379974 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.593815088 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.593883038 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.594022989 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.594031096 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.717257023 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.717284918 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.717318058 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.717334032 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.721748114 CET4434982991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.721776009 CET4434982991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.721847057 CET49829443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.721877098 CET4434982991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.722382069 CET4434982991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.722438097 CET49829443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.722445011 CET4434982991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.722470999 CET4434982991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.722517014 CET49829443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.727840900 CET4434982891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.727936029 CET4434982891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.727992058 CET49828443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.749191046 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.754625082 CET49828443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.754662991 CET4434982891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.756984949 CET49829443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.757023096 CET4434982991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.762041092 CET49845443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.762077093 CET4434984591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.762243986 CET49845443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.763207912 CET49845443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.763221979 CET4434984591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.771805048 CET49846443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.771851063 CET4434984691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.771920919 CET49846443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.772094011 CET49846443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.772108078 CET4434984691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:30.919694901 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:30.919780016 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.000844955 CET4434983291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.000931025 CET4434983291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.001013994 CET49832443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.003870964 CET49832443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.003887892 CET4434983291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.009953022 CET49848443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.009994030 CET4434984891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.010138988 CET49848443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.010351896 CET49848443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.010365963 CET4434984891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.035059929 CET4434983191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.035082102 CET4434983191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.035134077 CET49831443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.035139084 CET4434983191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.035187006 CET49831443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.036286116 CET49831443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.036303997 CET4434983191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.039041996 CET49849443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.039100885 CET4434984991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.039263964 CET49849443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.039463997 CET49849443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.039484024 CET4434984991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.040884972 CET49850443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.040900946 CET4434985091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.041003942 CET49850443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.041161060 CET49850443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.041171074 CET4434985091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.074817896 CET4434983391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.074846983 CET4434983391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.074853897 CET4434983391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.074898005 CET4434983391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.074928999 CET49833443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.074958086 CET4434983391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.074973106 CET4434983391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.074974060 CET49833443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.075015068 CET49833443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.096390963 CET49833443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.096429110 CET4434983391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.110441923 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.110472918 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.110488892 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.110496044 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.110544920 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.110563993 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.185815096 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.185846090 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.185853004 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.185872078 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.185903072 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.185929060 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.185942888 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.188651085 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.188674927 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.188682079 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.188707113 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.188739061 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.188761950 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.188787937 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.220558882 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.251079082 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.300333977 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.300349951 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.300395966 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.300415039 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.300448895 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.329602957 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.329616070 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.329642057 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.329672098 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.329715014 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.354913950 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.354928017 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.354958057 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.355005980 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.355042934 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.375879049 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.375895023 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.375933886 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.375948906 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.375962019 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.376000881 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.377644062 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.377654076 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.377702951 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.377707005 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.377749920 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.380500078 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.380516052 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.380537033 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.380583048 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.380633116 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.380682945 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.380881071 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.380901098 CET4434983591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.380917072 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.380953074 CET49835443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.400690079 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.400706053 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.400726080 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.400767088 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.400814056 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.400995970 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.401005030 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.401032925 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.401051044 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.401079893 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.434417963 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.434429884 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.434452057 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.434494019 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.434570074 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.435035944 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.435044050 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.435079098 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.435110092 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.435132980 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.458230019 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.458239079 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.458270073 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.458286047 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.458339930 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.460390091 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.460398912 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.460470915 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.574527979 CET4434983962.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:31.574837923 CET49839443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:31.574866056 CET4434983962.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:31.575877905 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.575887918 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.575910091 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.575936079 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.576088905 CET4434983962.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:31.576121092 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.576143026 CET49839443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:31.578429937 CET49839443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:31.578491926 CET4434983962.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:31.578752041 CET49839443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:31.578758955 CET4434983962.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:31.585575104 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.585583925 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.585654020 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.591866970 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.591878891 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.591898918 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.591945887 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.591980934 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.603977919 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.603986979 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.604048967 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.609535933 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.609545946 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.609574080 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.609592915 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.609643936 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.617767096 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.617777109 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.617837906 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.622767925 CET49839443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:31.623780966 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.623789072 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.623858929 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.634413958 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.634423018 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.634506941 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.637814045 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.637820959 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.637914896 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.645109892 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.645196915 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.651710987 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.651777029 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.651784897 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.651865959 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.655800104 CET49836443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.655817032 CET4434983691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.656151056 CET49851443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.656205893 CET4434985191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.656533957 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.656625986 CET49851443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.656631947 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.657138109 CET49851443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.657155037 CET4434985191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.761523962 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.761594057 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.761621952 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.761663914 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.761709929 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.768953085 CET49837443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.768973112 CET4434983791.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.769330025 CET49852443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.769378901 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:31.769454956 CET49852443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.770558119 CET49852443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:31.770570040 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.000060081 CET4434983962.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:32.000082970 CET4434983962.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:32.000138998 CET4434983962.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:32.000144958 CET49839443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:32.000252962 CET49839443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:32.001491070 CET49839443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:32.001502991 CET4434983962.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:32.014612913 CET49855443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:32.014648914 CET4434985562.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:32.014723063 CET49855443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:32.015033007 CET49855443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:32.015048027 CET4434985562.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:32.208997965 CET4434984691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.209407091 CET49846443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.209431887 CET4434984691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.209745884 CET4434984691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.210144997 CET49846443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.210201979 CET4434984691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.210328102 CET49846443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.210840940 CET4434984591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.211646080 CET49845443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.211661100 CET4434984591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.212044001 CET4434984591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.212306023 CET49845443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.212383986 CET4434984591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.212414026 CET49845443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.244659901 CET49860443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:32.244698048 CET4434986062.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:32.245261908 CET49860443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:32.245471001 CET49860443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:32.245484114 CET4434986062.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:32.255330086 CET4434984691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.255331993 CET4434984591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.358724117 CET49845443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.415339947 CET4434984691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.415477991 CET49846443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.446110010 CET4434984891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.473011017 CET49848443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.473061085 CET4434984891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.474191904 CET4434984891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.474253893 CET49848443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.483483076 CET4434984991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.483486891 CET4434985091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.496562004 CET49848443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.496681929 CET4434984891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.529649019 CET49850443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.529680967 CET4434985091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.530350924 CET49849443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.530375957 CET4434984991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.530752897 CET49848443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.530772924 CET4434984891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.530811071 CET4434984991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.530949116 CET4434985091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.531013012 CET49850443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.531390905 CET49849443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.531464100 CET4434984991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.532080889 CET49850443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.532145977 CET4434985091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.532332897 CET49849443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.532479048 CET49850443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.532485008 CET4434985091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.579334974 CET4434984991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.739337921 CET4434984891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.739408016 CET49848443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.743335009 CET4434985091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.743396044 CET49850443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.830050945 CET4434984691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.830128908 CET4434984691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.831619978 CET49846443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.835253000 CET4434984591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.835280895 CET4434984591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.835294008 CET4434984591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.835320950 CET4434984591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.835339069 CET49845443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.835351944 CET4434984591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.835365057 CET49845443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.841483116 CET4434984591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.841547966 CET49845443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.841556072 CET4434984591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.841728926 CET49845443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.874207973 CET49846443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.874242067 CET4434984691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:32.876305103 CET49845443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:32.876324892 CET4434984591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.032315016 CET4434984891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.032396078 CET4434984891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.032516003 CET49848443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.067689896 CET4434985091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.067718983 CET4434985091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.067779064 CET4434985091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.067840099 CET49850443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.067878962 CET49850443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.071572065 CET4434984991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.071593046 CET4434984991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.071634054 CET49849443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.071647882 CET4434984991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.071686983 CET49849443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.107239008 CET4434985191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.150559902 CET49851443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.150578976 CET4434985191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.152115107 CET4434985191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.152169943 CET49851443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.156671047 CET49851443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.156790018 CET4434985191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.159318924 CET49851443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.159327030 CET4434985191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.163285971 CET49848443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.163333893 CET4434984891.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.165868044 CET49849443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.165887117 CET4434984991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.166656971 CET49850443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.166670084 CET4434985091.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.216643095 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.217422009 CET49852443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.217462063 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.218544006 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.218609095 CET49852443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.219495058 CET49852443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.219572067 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.219746113 CET49852443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.219754934 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.256481886 CET49851443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.282408953 CET49865443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.282469988 CET4434986591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.282536983 CET49865443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.282773018 CET49865443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.282788038 CET4434986591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.356650114 CET49852443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.437104940 CET4434985562.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:33.438324928 CET49855443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:33.438334942 CET4434985562.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:33.438704967 CET4434985562.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:33.439166069 CET49855443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:33.439224958 CET4434985562.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:33.439322948 CET49855443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:33.487334013 CET4434985562.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:33.684221029 CET4434986062.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:33.684624910 CET49860443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:33.684649944 CET4434986062.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:33.685714006 CET4434986062.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:33.685782909 CET49860443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:33.686141014 CET49860443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:33.686198950 CET4434986062.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:33.686310053 CET49860443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:33.686319113 CET4434986062.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:33.699503899 CET4434985191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.699533939 CET4434985191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.699542046 CET4434985191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.699567080 CET4434985191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.699599028 CET49851443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.699626923 CET4434985191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.699636936 CET49851443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.699655056 CET4434985191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.699703932 CET49851443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.702188015 CET49851443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.702204943 CET4434985191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.767699003 CET49860443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:33.807655096 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.807687998 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.807696104 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.807729006 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.807749987 CET49852443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.807789087 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:33.807801962 CET49852443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:33.873507023 CET49852443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:34.000963926 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:34.000982046 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:34.001020908 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:34.001063108 CET49852443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:34.001099110 CET49852443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:34.030668974 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:34.030684948 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:34.030710936 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:34.030765057 CET49852443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:34.030810118 CET49852443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:34.055402040 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:34.055418968 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:34.055455923 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:34.055461884 CET49852443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:34.055520058 CET49852443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:34.069453955 CET4434985562.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:34.069540977 CET4434985562.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:34.073518038 CET49855443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:34.076350927 CET49855443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:34.076365948 CET4434985562.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:34.080491066 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:34.080504894 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:34.080569029 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:34.080590963 CET49852443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:34.080636024 CET49852443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:34.084031105 CET49852443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:34.084052086 CET4434985291.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:34.160473108 CET49866443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:34.160516977 CET4434986691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:34.160705090 CET49866443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:34.161119938 CET49866443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:34.161134005 CET4434986691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:34.309362888 CET4434986062.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:34.309391022 CET4434986062.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:34.309449911 CET49860443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:34.309456110 CET4434986062.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:34.310137987 CET49860443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:34.332012892 CET49860443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:34.332032919 CET4434986062.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:34.335350990 CET49868443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:34.335407019 CET4434986862.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:34.335475922 CET49868443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:34.335769892 CET49868443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:34.335784912 CET4434986862.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:34.728508949 CET4434986591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:34.728775978 CET49865443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:34.728789091 CET4434986591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:34.729155064 CET4434986591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:34.729742050 CET49865443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:34.729805946 CET4434986591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:34.729957104 CET49865443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:34.771336079 CET4434986591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:35.321046114 CET4434986591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:35.321070910 CET4434986591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:35.321132898 CET49865443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:35.321135998 CET4434986591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:35.321237087 CET49865443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:35.415255070 CET49865443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:35.415281057 CET4434986591.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:35.602195024 CET4434986691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:35.722898960 CET49866443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:35.734853029 CET49866443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:35.734879017 CET4434986691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:35.735461950 CET4434986691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:35.738497019 CET49866443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:35.738595963 CET4434986691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:35.738991022 CET49866443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:35.767326117 CET4434986862.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:35.768104076 CET49868443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:35.768132925 CET4434986862.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:35.768523932 CET4434986862.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:35.768841028 CET49868443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:35.768908024 CET4434986862.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:35.768986940 CET49868443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:35.779339075 CET4434986691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:35.811343908 CET4434986862.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:36.188291073 CET4434986691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:36.188378096 CET4434986691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:36.188488007 CET49866443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:36.193761110 CET49866443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:36.193790913 CET4434986691.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:36.200454950 CET49873443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:36.200495005 CET4434987391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:36.200745106 CET49873443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:36.200970888 CET49873443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:36.200987101 CET4434987391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:36.398823977 CET4434986862.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:36.398910999 CET4434986862.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:36.399058104 CET49868443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:36.403795004 CET49868443192.168.2.662.149.0.249
                                          Dec 5, 2024 18:04:36.403834105 CET4434986862.149.0.249192.168.2.6
                                          Dec 5, 2024 18:04:37.357170105 CET44349816142.250.181.68192.168.2.6
                                          Dec 5, 2024 18:04:37.357378960 CET44349816142.250.181.68192.168.2.6
                                          Dec 5, 2024 18:04:37.357455969 CET49816443192.168.2.6142.250.181.68
                                          Dec 5, 2024 18:04:37.647075891 CET4434987391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:37.647350073 CET49873443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:37.647371054 CET4434987391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:37.647732019 CET4434987391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:37.648178101 CET49873443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:37.648250103 CET4434987391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:37.648519993 CET49873443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:37.691333055 CET4434987391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:38.238518953 CET4434987391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:38.238607883 CET4434987391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:38.238704920 CET49873443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:38.367460966 CET49873443192.168.2.691.197.17.8
                                          Dec 5, 2024 18:04:38.367486954 CET4434987391.197.17.8192.168.2.6
                                          Dec 5, 2024 18:04:38.460755110 CET49816443192.168.2.6142.250.181.68
                                          Dec 5, 2024 18:04:38.460777998 CET44349816142.250.181.68192.168.2.6
                                          Dec 5, 2024 18:05:07.356678009 CET4979980192.168.2.691.197.17.8
                                          Dec 5, 2024 18:05:07.480532885 CET804979991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:05:07.626452923 CET4980180192.168.2.691.197.17.8
                                          Dec 5, 2024 18:05:07.746437073 CET804980191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:05:23.122869015 CET4979980192.168.2.691.197.17.8
                                          Dec 5, 2024 18:05:23.122914076 CET4980180192.168.2.691.197.17.8
                                          Dec 5, 2024 18:05:23.243010998 CET804979991.197.17.8192.168.2.6
                                          Dec 5, 2024 18:05:23.243072987 CET4979980192.168.2.691.197.17.8
                                          Dec 5, 2024 18:05:23.243927956 CET804980191.197.17.8192.168.2.6
                                          Dec 5, 2024 18:05:23.243984938 CET4980180192.168.2.691.197.17.8
                                          Dec 5, 2024 18:05:25.827935934 CET49992443192.168.2.6142.250.181.68
                                          Dec 5, 2024 18:05:25.827971935 CET44349992142.250.181.68192.168.2.6
                                          Dec 5, 2024 18:05:25.828031063 CET49992443192.168.2.6142.250.181.68
                                          Dec 5, 2024 18:05:25.828253984 CET49992443192.168.2.6142.250.181.68
                                          Dec 5, 2024 18:05:25.828265905 CET44349992142.250.181.68192.168.2.6
                                          Dec 5, 2024 18:05:27.562483072 CET44349992142.250.181.68192.168.2.6
                                          Dec 5, 2024 18:05:27.562798023 CET49992443192.168.2.6142.250.181.68
                                          Dec 5, 2024 18:05:27.562820911 CET44349992142.250.181.68192.168.2.6
                                          Dec 5, 2024 18:05:27.563163042 CET44349992142.250.181.68192.168.2.6
                                          Dec 5, 2024 18:05:27.563457012 CET49992443192.168.2.6142.250.181.68
                                          Dec 5, 2024 18:05:27.563514948 CET44349992142.250.181.68192.168.2.6
                                          Dec 5, 2024 18:05:27.606724024 CET49992443192.168.2.6142.250.181.68
                                          Dec 5, 2024 18:05:37.256639957 CET44349992142.250.181.68192.168.2.6
                                          Dec 5, 2024 18:05:37.256707907 CET44349992142.250.181.68192.168.2.6
                                          Dec 5, 2024 18:05:37.261903048 CET49992443192.168.2.6142.250.181.68
                                          Dec 5, 2024 18:05:38.031533003 CET49992443192.168.2.6142.250.181.68
                                          Dec 5, 2024 18:05:38.031568050 CET44349992142.250.181.68192.168.2.6

                                          UDP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Dec 5, 2024 18:03:42.248627901 CET6082853192.168.2.61.1.1.1
                                          Dec 5, 2024 18:03:42.489622116 CET53608281.1.1.1192.168.2.6
                                          Dec 5, 2024 18:03:42.522116899 CET5125553192.168.2.61.1.1.1
                                          Dec 5, 2024 18:03:43.143528938 CET53512551.1.1.1192.168.2.6
                                          Dec 5, 2024 18:03:43.465696096 CET6142153192.168.2.61.1.1.1
                                          Dec 5, 2024 18:03:43.891447067 CET53614211.1.1.1192.168.2.6
                                          Dec 5, 2024 18:04:21.352426052 CET6280353192.168.2.61.1.1.1
                                          Dec 5, 2024 18:04:21.352591038 CET6388153192.168.2.61.1.1.1
                                          Dec 5, 2024 18:04:21.488509893 CET53642831.1.1.1192.168.2.6
                                          Dec 5, 2024 18:04:21.510371923 CET53608931.1.1.1192.168.2.6
                                          Dec 5, 2024 18:04:21.809674978 CET53628031.1.1.1192.168.2.6
                                          Dec 5, 2024 18:04:21.849172115 CET53638811.1.1.1192.168.2.6
                                          Dec 5, 2024 18:04:23.721187115 CET6214553192.168.2.61.1.1.1
                                          Dec 5, 2024 18:04:23.721410990 CET5522953192.168.2.61.1.1.1
                                          Dec 5, 2024 18:04:23.863428116 CET53621451.1.1.1192.168.2.6
                                          Dec 5, 2024 18:04:23.864353895 CET53552291.1.1.1192.168.2.6
                                          Dec 5, 2024 18:04:24.473371983 CET53643111.1.1.1192.168.2.6
                                          Dec 5, 2024 18:04:25.778188944 CET5988053192.168.2.61.1.1.1
                                          Dec 5, 2024 18:04:25.778430939 CET4998453192.168.2.61.1.1.1
                                          Dec 5, 2024 18:04:25.917608023 CET53598801.1.1.1192.168.2.6
                                          Dec 5, 2024 18:04:25.917643070 CET53499841.1.1.1192.168.2.6
                                          Dec 5, 2024 18:04:28.947489023 CET5367153192.168.2.61.1.1.1
                                          Dec 5, 2024 18:04:28.947623968 CET6255853192.168.2.61.1.1.1
                                          Dec 5, 2024 18:04:28.987031937 CET5555653192.168.2.61.1.1.1
                                          Dec 5, 2024 18:04:28.987490892 CET6052453192.168.2.61.1.1.1
                                          Dec 5, 2024 18:04:29.126121044 CET53555561.1.1.1192.168.2.6
                                          Dec 5, 2024 18:04:29.128699064 CET53605241.1.1.1192.168.2.6
                                          Dec 5, 2024 18:04:29.708163977 CET53536711.1.1.1192.168.2.6
                                          Dec 5, 2024 18:04:29.708893061 CET53625581.1.1.1192.168.2.6
                                          Dec 5, 2024 18:04:32.100162029 CET6329153192.168.2.61.1.1.1
                                          Dec 5, 2024 18:04:32.100382090 CET6397853192.168.2.61.1.1.1
                                          Dec 5, 2024 18:04:32.241941929 CET53632911.1.1.1192.168.2.6
                                          Dec 5, 2024 18:04:32.244235992 CET53639781.1.1.1192.168.2.6
                                          Dec 5, 2024 18:04:41.452827930 CET53588921.1.1.1192.168.2.6
                                          Dec 5, 2024 18:05:00.467749119 CET53643631.1.1.1192.168.2.6
                                          Dec 5, 2024 18:05:21.341557026 CET53578411.1.1.1192.168.2.6
                                          Dec 5, 2024 18:05:23.261867046 CET53615531.1.1.1192.168.2.6

                                          DNS Queries

                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                          Dec 5, 2024 18:03:42.248627901 CET192.168.2.61.1.1.10x898aStandard query (0)savudenko.orgA (IP address)IN (0x0001)false
                                          Dec 5, 2024 18:03:42.522116899 CET192.168.2.61.1.1.10xfe7dStandard query (0)mh29.mobyhost.ruA (IP address)IN (0x0001)false
                                          Dec 5, 2024 18:03:43.465696096 CET192.168.2.61.1.1.10x8b34Standard query (0)sava80.co.uaA (IP address)IN (0x0001)false
                                          Dec 5, 2024 18:04:21.352426052 CET192.168.2.61.1.1.10x9e2bStandard query (0)ukrnic.comA (IP address)IN (0x0001)false
                                          Dec 5, 2024 18:04:21.352591038 CET192.168.2.61.1.1.10x1301Standard query (0)ukrnic.com65IN (0x0001)false
                                          Dec 5, 2024 18:04:23.721187115 CET192.168.2.61.1.1.10x4bb7Standard query (0)ukrnic.comA (IP address)IN (0x0001)false
                                          Dec 5, 2024 18:04:23.721410990 CET192.168.2.61.1.1.10x3b04Standard query (0)ukrnic.com65IN (0x0001)false
                                          Dec 5, 2024 18:04:25.778188944 CET192.168.2.61.1.1.10xa63dStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                          Dec 5, 2024 18:04:25.778430939 CET192.168.2.61.1.1.10xc2b3Standard query (0)www.google.com65IN (0x0001)false
                                          Dec 5, 2024 18:04:28.947489023 CET192.168.2.61.1.1.10x6f52Standard query (0)get.mycounter.uaA (IP address)IN (0x0001)false
                                          Dec 5, 2024 18:04:28.947623968 CET192.168.2.61.1.1.10xc23aStandard query (0)get.mycounter.ua65IN (0x0001)false
                                          Dec 5, 2024 18:04:28.987031937 CET192.168.2.61.1.1.10x9a9cStandard query (0)ukrnic.comA (IP address)IN (0x0001)false
                                          Dec 5, 2024 18:04:28.987490892 CET192.168.2.61.1.1.10x55deStandard query (0)ukrnic.com65IN (0x0001)false
                                          Dec 5, 2024 18:04:32.100162029 CET192.168.2.61.1.1.10x58eeStandard query (0)get.mycounter.uaA (IP address)IN (0x0001)false
                                          Dec 5, 2024 18:04:32.100382090 CET192.168.2.61.1.1.10xaf34Standard query (0)get.mycounter.ua65IN (0x0001)false

                                          DNS Answers

                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                          Dec 5, 2024 18:03:39.385724068 CET1.1.1.1192.168.2.60x4874No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                                          Dec 5, 2024 18:03:39.385724068 CET1.1.1.1192.168.2.60x4874No error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
                                          Dec 5, 2024 18:03:42.489622116 CET1.1.1.1192.168.2.60x898aName error (3)savudenko.orgnonenoneA (IP address)IN (0x0001)false
                                          Dec 5, 2024 18:03:43.143528938 CET1.1.1.1192.168.2.60xfe7dName error (3)mh29.mobyhost.runonenoneA (IP address)IN (0x0001)false
                                          Dec 5, 2024 18:03:43.891447067 CET1.1.1.1192.168.2.60x8b34Name error (3)sava80.co.uanonenoneA (IP address)IN (0x0001)false
                                          Dec 5, 2024 18:04:21.809674978 CET1.1.1.1192.168.2.60x9e2bNo error (0)ukrnic.com91.197.17.8A (IP address)IN (0x0001)false
                                          Dec 5, 2024 18:04:23.863428116 CET1.1.1.1192.168.2.60x4bb7No error (0)ukrnic.com91.197.17.8A (IP address)IN (0x0001)false
                                          Dec 5, 2024 18:04:25.917608023 CET1.1.1.1192.168.2.60xa63dNo error (0)www.google.com142.250.181.68A (IP address)IN (0x0001)false
                                          Dec 5, 2024 18:04:25.917643070 CET1.1.1.1192.168.2.60xc2b3No error (0)www.google.com65IN (0x0001)false
                                          Dec 5, 2024 18:04:27.208051920 CET1.1.1.1192.168.2.60x3ca2No error (0)g-bing-com.ax-0001.ax-msedge.netax-0001.ax-msedge.netCNAME (Canonical name)IN (0x0001)false
                                          Dec 5, 2024 18:04:27.208051920 CET1.1.1.1192.168.2.60x3ca2No error (0)ax-0001.ax-msedge.net150.171.28.10A (IP address)IN (0x0001)false
                                          Dec 5, 2024 18:04:27.208051920 CET1.1.1.1192.168.2.60x3ca2No error (0)ax-0001.ax-msedge.net150.171.27.10A (IP address)IN (0x0001)false
                                          Dec 5, 2024 18:04:29.126121044 CET1.1.1.1192.168.2.60x9a9cNo error (0)ukrnic.com91.197.17.8A (IP address)IN (0x0001)false
                                          Dec 5, 2024 18:04:29.708163977 CET1.1.1.1192.168.2.60x6f52No error (0)get.mycounter.ua62.149.0.249A (IP address)IN (0x0001)false
                                          Dec 5, 2024 18:04:32.241941929 CET1.1.1.1192.168.2.60x58eeNo error (0)get.mycounter.ua62.149.0.249A (IP address)IN (0x0001)false

                                          HTTP Request Dependency Graph

                                          • ukrnic.com
                                          • https:
                                            • get.mycounter.ua

                                          HTTP Packets

                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          0192.168.2.64980091.197.17.8801616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          Dec 5, 2024 18:04:22.497189045 CET442OUTGET /~freexp/index.php HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          Upgrade-Insecure-Requests: 1
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                          Accept-Encoding: gzip, deflate
                                          Accept-Language: en-US,en;q=0.9
                                          Dec 5, 2024 18:04:23.711318970 CET533INHTTP/1.1 301 Moved Permanently
                                          Date: Thu, 05 Dec 2024 17:04:23 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                          Cache-Control: no-store, no-cache, must-revalidate
                                          Pragma: no-cache
                                          Set-Cookie: PHPSESSID=a38274114025e8f860d5624314932b82; path=/; domain=.ukrnic.com; secure; HttpOnly
                                          Location: https://ukrnic.com/~freexp/index.php
                                          Keep-Alive: timeout=5, max=100
                                          Connection: Keep-Alive
                                          Transfer-Encoding: chunked
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 38 0d 0a 52 65 64 69 72 65 63 74 0d 0a
                                          Data Ascii: 8Redirect
                                          Dec 5, 2024 18:04:23.953100920 CET5INData Raw: 30 0d 0a 0d 0a
                                          Data Ascii: 0


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          1192.168.2.64979991.197.17.8801616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          Dec 5, 2024 18:05:07.356678009 CET6OUTData Raw: 00
                                          Data Ascii:


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          2192.168.2.64980191.197.17.8801616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          Dec 5, 2024 18:05:07.626452923 CET6OUTData Raw: 00
                                          Data Ascii:


                                          HTTPS Proxied Packets

                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          0192.168.2.64980891.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:25 UTC670OUTGET /~freexp/index.php HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          Upgrade-Insecure-Requests: 1
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: navigate
                                          Sec-Fetch-User: ?1
                                          Sec-Fetch-Dest: document
                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                          sec-ch-ua-mobile: ?0
                                          sec-ch-ua-platform: "Windows"
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          2024-12-05 17:04:26 UTC427INHTTP/1.1 404 Not Found
                                          Date: Thu, 05 Dec 2024 17:04:26 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                          Cache-Control: no-store, no-cache, must-revalidate
                                          Pragma: no-cache
                                          Set-Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353; path=/; domain=.ukrnic.com; secure; HttpOnly
                                          Connection: close
                                          Transfer-Encoding: chunked
                                          Content-Type: text/html; charset=utf-8
                                          2024-12-05 17:04:26 UTC6239INData Raw: 31 38 35 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 55 6b 72 6e 69 63 20 2d 20 20 d0 a1 d0 b0 d0 b9 d1 82 d1 8b 2c 20 d0 a5 d0 be d1 81 d1 82 d0 b8 d0 bd d0 b3 2c 20 d0 94 d0 be d0 bc d0 b5 d0 bd d1 8b 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65
                                          Data Ascii: 1857<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Ukrnic - , , </title><meta name
                                          2024-12-05 17:04:26 UTC5INData Raw: 30 0d 0a 0d 0a
                                          Data Ascii: 0


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          1192.168.2.64981791.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:27 UTC618OUTGET /templates/ukrnic/css/style.css HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: text/css,*/*;q=0.1
                                          Sec-Fetch-Site: same-origin
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: style
                                          Referer: https://ukrnic.com/~freexp/index.php
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
                                          2024-12-05 17:04:28 UTC291INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:28 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:42:27 GMT
                                          ETag: "1d61c7a-451d-61932800bdb6e"
                                          Accept-Ranges: bytes
                                          Content-Length: 17693
                                          Connection: close
                                          Content-Type: text/css
                                          2024-12-05 17:04:28 UTC7901INData Raw: 2f 2a 20 57 48 4f 49 53 20 53 45 52 57 49 53 2a 2f 0a 2e 74 65 73 74 65 64 7b 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 2e 2e 2f 69 6d 61 67 65 73 2f 77 68 6f 69 73 2e 6a 70 67 29 3b 0a 77 69 64 74 68 3a 38 36 30 70 78 3b 0a 68 65 69 67 68 74 3a 20 31 34 36 70 78 3b 7d 0a 2e 74 64 5f 74 64 6c 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 0a 09 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 0a 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 7d 0a 2e 74 64 5f 77 77 77 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 32 34 70 78 3b 0a 09 63 6f 6c 6f 72 3a 23
                                          Data Ascii: /* WHOIS SERWIS*/.tested{background-image:url(../images/whois.jpg);width:860px;height: 146px;}.td_tdl{font-family:arial;font-size:14px;color:#333333;font-weight:bold;text-align: left;}.td_www{font-family:arial;font-size:24px;color:#
                                          2024-12-05 17:04:28 UTC8000INData Raw: 6e 65 3b 0a 0a 7d 0a 0a 2e 75 73 65 72 73 74 6f 70 20 61 3a 68 6f 76 65 72 20 7b 0a 0a 09 63 6f 6c 6f 72 3a 20 23 35 30 37 38 64 35 3b 0a 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 0a 7d 0a 0a 2e 75 73 65 72 73 74 6f 70 20 74 64 20 7b 0a 0a 09 70 61 64 64 69 6e 67 3a 20 33 70 78 3b 0a 0a 7d 0a 0a 2e 75 73 65 72 73 74 6f 70 20 74 68 65 61 64 20 7b 0a 0a 09 63 6f 6c 6f 72 3a 20 23 35 35 35 35 35 35 3b 0a 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 0a 7d 0a 0a 0a 0a 2f 2a 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 20 2a 2f 0a 0a 0a 0a 2e 73 6b 69 6e 20 7b 0a 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 70 78 3b 0a 0a 7d 0a 0a 73 65 6c 65 63 74 20 7b 0a 0a 09 66 6f 6e 74 2d 73 69
                                          Data Ascii: ne;}.userstop a:hover {color: #5078d5;text-decoration: none;}.userstop td {padding: 3px;}.userstop thead {color: #555555;font-weight: bold;}/* ==================== */.skin {padding-left: 10px;}select {font-si
                                          2024-12-05 17:04:28 UTC1792INData Raw: 0a 0a 2e 62 6c 30 31 20 7b 0a 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 2e 2e 2f 69 6d 61 67 65 73 2f 64 6c 65 74 5f 62 6c 30 31 2e 67 69 66 29 3b 0a 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 0a 09 68 65 69 67 68 74 3a 20 32 37 70 78 3b 0a 0a 09 74 65 78 74 2d 69 6e 64 65 6e 74 3a 20 33 30 70 78 3b 0a 0a 09 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 75 70 70 65 72 63 61 73 65 3b 0a 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 0a 7d 0a 0a 2e 62 6c 74 69 74 6c 31 20 7b 0a 0a 09 63 6f 6c 6f 72 3a 20 23 63 34 31 30 30 66 3b 0a 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 74 61 68 6f 6d 61 3b 09 2f
                                          Data Ascii: .bl01 {background-image: url(../images/dlet_bl01.gif);background-repeat: no-repeat;height: 27px;text-indent: 30px;text-transform: uppercase;font-size: 11px;font-weight: bold;}.bltitl1 {color: #c4100f;font-family: tahoma;/


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          2192.168.2.64982091.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:27 UTC619OUTGET /templates/ukrnic/css/user.css HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: text/css,*/*;q=0.1
                                          Sec-Fetch-Site: same-origin
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: style
                                          Referer: https://ukrnic.com/~freexp/index.php
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
                                          2024-12-05 17:04:28 UTC291INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:28 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:42:27 GMT
                                          ETag: "1d61c78-5853-61932800b4ece"
                                          Accept-Ranges: bytes
                                          Content-Length: 22611
                                          Connection: close
                                          Content-Type: text/css
                                          2024-12-05 17:04:28 UTC7901INData Raw: 2f 2a 20 44 45 46 41 55 4c 54 20 53 54 59 4c 45 53 20 4f 46 20 44 41 54 41 4c 49 46 45 20 45 4e 47 49 4e 45 20 2a 2f 0a 2f 2a 20 d1 ea f0 fb f2 e0 ff 20 f7 e0 f1 f2 fc 20 ef f0 ee e2 e5 f0 ea e8 20 e4 ee ec e5 ed ee e2 2a 2f 0a 2e 68 65 61 64 6c 69 6e 65 20 7b 0a 62 6f 72 64 65 72 3a 20 30 70 78 20 73 6f 6c 69 64 20 23 30 30 30 30 30 30 3b 20 0a 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 20 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 68 69 64 64 65 6e 20 7b 0a 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 20 0a 62 6f 72 64 65 72 3a 20 30 70 78 20 73 6f 6c 69 64 20 23 66 66 30 30 30 30 3b 20 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 70 78 3b 0a 7d 0a 0a 2f 2a 20 3d
                                          Data Ascii: /* DEFAULT STYLES OF DATALIFE user *//* */.headline {border: 0px solid #000000; cursor: pointer; text-align: center;}.hidden {display: none; border: 0px solid #ff0000; text-align: center; margin-top: 2px;}/* =
                                          2024-12-05 17:04:28 UTC8000INData Raw: 2e 61 74 74 61 63 68 6d 65 6e 74 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 38 30 38 30 38 30 3b 0a 7d 0a 0a 2f 2a 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 20 cf ee e8 f1 ea 20 ef ee 20 f1 e0 e9 f2 f3 20 e8 20 f0 e5 e7 f3 eb fc f2 e0 f2 fb 20 ef ee e8 f1 ea e0 20 2a 2f 0a 0a 2e 73 65 61 72 63 68 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 35 35 35 35 35 35 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 7d 0a 2e 74 65 78 74 69 6e 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 35 35 35 35 35 35 3b 09 09 09 2f 2a 20 21 21 21 20 d2 e5 ea f1 f2 20 e2 20 ef ee eb ff f5 20 ef ee e8 f1 ea ee e2 ee e9 20 f4 ee f0 ec fb 20 28 f0 e0 f1 f8 e8 f0 e5 ed ed ee e9 29 20 21 21 21 20 2a 2f 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a
                                          Data Ascii: .attachment {color: #808080;}/* ==================== */.search {color: #555555;text-decoration: none;}.textin {color: #555555;/* !!! () !!! */font-size: 11px;
                                          2024-12-05 17:04:28 UTC6710INData Raw: 77 69 64 67 65 74 2d 63 6f 6e 74 65 6e 74 20 2e 75 69 2d 73 74 61 74 65 2d 66 6f 63 75 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 64 30 65 35 66 35 20 75 72 6c 28 2e 2e 2f 69 6d 61 67 65 73 2f 75 69 2d 62 67 5f 67 6c 61 73 73 5f 37 35 2e 70 6e 67 29 20 35 30 25 20 35 30 25 20 72 65 70 65 61 74 2d 78 3b 0a 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 37 39 62 37 65 37 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 64 35 39 38 37 3b 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 2e 75 69 2d 73 74 61 74 65 2d 68 6f 76 65 72 20 61 2c 20 2e 75 69 2d 73 74 61 74 65 2d 68 6f 76 65 72 20 61 3a 68 6f 76 65 72 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 31 64 35 39 38 37 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f
                                          Data Ascii: widget-content .ui-state-focus {background: #d0e5f5 url(../images/ui-bg_glass_75.png) 50% 50% repeat-x;border: 1px solid #79b7e7;color: #1d5987;font-weight: bold;}.ui-state-hover a, .ui-state-hover a:hover {color: #1d5987;text-decoration: no


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          3192.168.2.64981991.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:27 UTC609OUTGET /user/classes/js/jquery.js?v=0d74b HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: */*
                                          Sec-Fetch-Site: same-origin
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: script
                                          Referer: https://ukrnic.com/~freexp/index.php
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
                                          2024-12-05 17:04:28 UTC306INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:28 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:48:58 GMT
                                          ETag: "1900220-14e4a-619329758fe9d"
                                          Accept-Ranges: bytes
                                          Content-Length: 85578
                                          Connection: close
                                          Content-Type: application/javascript
                                          2024-12-05 17:04:28 UTC7886INData Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 32 2e 32 2e 34 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 69 74 68 20 61 20 64 6f 63 75 6d 65 6e
                                          Data Ascii: /*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a documen
                                          2024-12-05 17:04:28 UTC8000INData Raw: 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 3d 62 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 72 65 74 75 72 6e 28 22 69 6e 70 75 74 22 3d 3d 3d 63 7c 7c 22 62 75 74 74 6f 6e 22 3d 3d 3d 63 29 26 26 62 2e 74 79 70 65 3d 3d 3d 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 6e 61 28 61 29 7b 72 65 74 75 72 6e 20 68 61 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 3d 2b 62 2c 68 61 28 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 65 2c 66 3d 61 28 5b 5d 2c 63 2e 6c 65 6e 67 74 68 2c 62 29 2c 67 3d 66 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 67 2d 2d 29 63 5b 65 3d 66 5b 67 5d 5d 26 26 28 63 5b 65 5d 3d 21 28 64 5b 65 5d 3d 63 5b 65 5d 29 29 7d 29 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 6f 61
                                          Data Ascii: return function(b){var c=b.nodeName.toLowerCase();return("input"===c||"button"===c)&&b.type===a}}function na(a){return ha(function(b){return b=+b,ha(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e]=c[e]))})})}function oa
                                          2024-12-05 17:04:28 UTC8000INData Raw: 5b 64 5d 3d 66 5b 67 5d 29 7d 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 65 28 61 2c 30 2c 63 29 7d 29 3a 65 7d 7d 2c 70 73 65 75 64 6f 73 3a 7b 6e 6f 74 3a 68 61 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 5b 5d 2c 63 3d 5b 5d 2c 64 3d 68 28 61 2e 72 65 70 6c 61 63 65 28 51 2c 22 24 31 22 29 29 3b 72 65 74 75 72 6e 20 64 5b 75 5d 3f 68 61 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 65 29 7b 76 61 72 20 66 2c 67 3d 64 28 61 2c 6e 75 6c 6c 2c 65 2c 5b 5d 29 2c 68 3d 61 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 68 2d 2d 29 28 66 3d 67 5b 68 5d 29 26 26 28 61 5b 68 5d 3d 21 28 62 5b 68 5d 3d 66 29 29 7d 29 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 65 2c 66 29 7b 72 65 74 75 72 6e 20 62 5b 30 5d 3d 61 2c 64 28 62 2c 6e 75 6c 6c
                                          Data Ascii: [d]=f[g])}):function(a){return e(a,0,c)}):e}},pseudos:{not:ha(function(a){var b=[],c=[],d=h(a.replace(Q,"$1"));return d[u]?ha(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null
                                          2024-12-05 17:04:28 UTC8000INData Raw: 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 6e 28 61 29 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 62 3d 30 3b 63 3e 62 3b 62 2b 2b 29 69 66 28 6e 2e 63 6f 6e 74 61 69 6e 73 28 65 5b 62 5d 2c 74 68 69 73 29 29 72 65 74 75 72 6e 21 30 7d 29 29 3b 66 6f 72 28 62 3d 30 3b 63 3e 62 3b 62 2b 2b 29 6e 2e 66 69 6e 64 28 61 2c 65 5b 62 5d 2c 64 29 3b 72 65 74 75 72 6e 20 64 3d 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 63 3e 31 3f 6e 2e 75 6e 69 71 75 65 28 64 29 3a 64 29 2c 64 2e 73 65 6c 65 63 74 6f 72 3d 74 68 69 73 2e 73 65 6c 65 63 74 6f 72 3f 74 68 69 73 2e 73 65 6c 65 63 74 6f 72 2b 22 20 22 2b 61 3a 61 2c 64 7d 2c 66 69 6c 74 65 72 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53
                                          Data Ascii: n this.pushStack(n(a).filter(function(){for(b=0;c>b;b++)if(n.contains(e[b],this))return!0}));for(b=0;c>b;b++)n.find(a,e[b],d);return d=this.pushStack(c>1?n.unique(d):d),d.selector=this.selector?this.selector+" "+a:a,d},filter:function(a){return this.pushS
                                          2024-12-05 17:04:28 UTC8000INData Raw: 24 2f 2c 51 3d 2f 5b 41 2d 5a 5d 2f 67 3b 66 75 6e 63 74 69 6f 6e 20 52 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3b 69 66 28 76 6f 69 64 20 30 3d 3d 3d 63 26 26 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 69 66 28 64 3d 22 64 61 74 61 2d 22 2b 62 2e 72 65 70 6c 61 63 65 28 51 2c 22 2d 24 26 22 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 63 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 64 29 2c 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 63 29 7b 74 72 79 7b 63 3d 22 74 72 75 65 22 3d 3d 3d 63 3f 21 30 3a 22 66 61 6c 73 65 22 3d 3d 3d 63 3f 21 31 3a 22 6e 75 6c 6c 22 3d 3d 3d 63 3f 6e 75 6c 6c 3a 2b 63 2b 22 22 3d 3d 3d 63 3f 2b 63 3a 50 2e 74 65 73 74 28 63 29 3f 6e 2e 70 61 72 73 65 4a 53 4f 4e 28 63 29 3a 63 3b 0a 7d 63 61 74 63 68 28 65 29
                                          Data Ascii: $/,Q=/[A-Z]/g;function R(a,b,c){var d;if(void 0===c&&1===a.nodeType)if(d="data-"+b.replace(Q,"-$&").toLowerCase(),c=a.getAttribute(d),"string"==typeof c){try{c="true"===c?!0:"false"===c?!1:"null"===c?null:+c+""===c?+c:P.test(c)?n.parseJSON(c):c;}catch(e)
                                          2024-12-05 17:04:28 UTC8000INData Raw: 74 3b 69 66 28 68 26 26 69 2e 6e 6f 64 65 54 79 70 65 26 26 28 22 63 6c 69 63 6b 22 21 3d 3d 61 2e 74 79 70 65 7c 7c 69 73 4e 61 4e 28 61 2e 62 75 74 74 6f 6e 29 7c 7c 61 2e 62 75 74 74 6f 6e 3c 31 29 29 66 6f 72 28 3b 69 21 3d 3d 74 68 69 73 3b 69 3d 69 2e 70 61 72 65 6e 74 4e 6f 64 65 7c 7c 74 68 69 73 29 69 66 28 31 3d 3d 3d 69 2e 6e 6f 64 65 54 79 70 65 26 26 28 69 2e 64 69 73 61 62 6c 65 64 21 3d 3d 21 30 7c 7c 22 63 6c 69 63 6b 22 21 3d 3d 61 2e 74 79 70 65 29 29 7b 66 6f 72 28 64 3d 5b 5d 2c 63 3d 30 3b 68 3e 63 3b 63 2b 2b 29 66 3d 62 5b 63 5d 2c 65 3d 66 2e 73 65 6c 65 63 74 6f 72 2b 22 20 22 2c 76 6f 69 64 20 30 3d 3d 3d 64 5b 65 5d 26 26 28 64 5b 65 5d 3d 66 2e 6e 65 65 64 73 43 6f 6e 74 65 78 74 3f 6e 28 65 2c 74 68 69 73 29 2e 69 6e 64 65 78
                                          Data Ascii: t;if(h&&i.nodeType&&("click"!==a.type||isNaN(a.button)||a.button<1))for(;i!==this;i=i.parentNode||this)if(1===i.nodeType&&(i.disabled!==!0||"click"!==a.type)){for(d=[],c=0;h>c;c++)f=b[c],e=f.selector+" ",void 0===d[e]&&(d[e]=f.needsContext?n(e,this).index
                                          2024-12-05 17:04:28 UTC8000INData Raw: 69 73 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 6e 2e 69 6e 41 72 72 61 79 28 74 68 69 73 2c 61 29 3c 30 26 26 28 6e 2e 63 6c 65 61 6e 44 61 74 61 28 5f 28 74 68 69 73 29 29 2c 63 26 26 63 2e 72 65 70 6c 61 63 65 43 68 69 6c 64 28 62 2c 74 68 69 73 29 29 7d 2c 61 29 7d 7d 29 2c 6e 2e 65 61 63 68 28 7b 61 70 70 65 6e 64 54 6f 3a 22 61 70 70 65 6e 64 22 2c 70 72 65 70 65 6e 64 54 6f 3a 22 70 72 65 70 65 6e 64 22 2c 69 6e 73 65 72 74 42 65 66 6f 72 65 3a 22 62 65 66 6f 72 65 22 2c 69 6e 73 65 72 74 41 66 74 65 72 3a 22 61 66 74 65 72 22 2c 72 65 70 6c 61 63 65 41 6c 6c 3a 22 72 65 70 6c 61 63 65 57 69 74 68 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 6e 2e 66 6e 5b 61 5d 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 6f 72 28 76 61 72 20 63 2c 64 3d 5b 5d 2c 65
                                          Data Ascii: is.parentNode;n.inArray(this,a)<0&&(n.cleanData(_(this)),c&&c.replaceChild(b,this))},a)}}),n.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(a,b){n.fn[a]=function(a){for(var c,d=[],e
                                          2024-12-05 17:04:28 UTC8000INData Raw: 6e 69 74 29 7d 7d 7d 2c 52 61 2e 70 72 6f 70 48 6f 6f 6b 73 2e 73 63 72 6f 6c 6c 54 6f 70 3d 52 61 2e 70 72 6f 70 48 6f 6f 6b 73 2e 73 63 72 6f 6c 6c 4c 65 66 74 3d 7b 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 2e 65 6c 65 6d 2e 6e 6f 64 65 54 79 70 65 26 26 61 2e 65 6c 65 6d 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 28 61 2e 65 6c 65 6d 5b 61 2e 70 72 6f 70 5d 3d 61 2e 6e 6f 77 29 7d 7d 2c 6e 2e 65 61 73 69 6e 67 3d 7b 6c 69 6e 65 61 72 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7d 2c 73 77 69 6e 67 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 2e 35 2d 4d 61 74 68 2e 63 6f 73 28 61 2a 4d 61 74 68 2e 50 49 29 2f 32 7d 2c 5f 64 65 66 61 75 6c 74 3a 22 73 77 69 6e 67 22 7d 2c 6e 2e 66 78 3d 52 61 2e 70 72 6f 74 6f 74 79
                                          Data Ascii: nit)}}},Ra.propHooks.scrollTop=Ra.propHooks.scrollLeft={set:function(a){a.elem.nodeType&&a.elem.parentNode&&(a.elem[a.prop]=a.now)}},n.easing={linear:function(a){return a},swing:function(a){return.5-Math.cos(a*Math.PI)/2},_default:"swing"},n.fx=Ra.prototy
                                          2024-12-05 17:04:28 UTC8000INData Raw: 70 72 6f 70 2c 61 2c 62 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3e 31 29 7d 2c 72 65 6d 6f 76 65 50 72 6f 70 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 74 68 69 73 5b 6e 2e 70 72 6f 70 46 69 78 5b 61 5d 7c 7c 61 5d 7d 29 7d 7d 29 2c 6e 2e 65 78 74 65 6e 64 28 7b 70 72 6f 70 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 2c 65 2c 66 3d 61 2e 6e 6f 64 65 54 79 70 65 3b 69 66 28 33 21 3d 3d 66 26 26 38 21 3d 3d 66 26 26 32 21 3d 3d 66 29 72 65 74 75 72 6e 20 31 3d 3d 3d 66 26 26 6e 2e 69 73 58 4d 4c 44 6f 63 28 61 29 7c 7c 28 62 3d 6e 2e 70 72 6f 70 46 69 78 5b 62 5d 7c 7c 62 2c 65 3d 6e 2e 70 72 6f 70 48 6f 6f 6b 73 5b 62 5d 29
                                          Data Ascii: prop,a,b,arguments.length>1)},removeProp:function(a){return this.each(function(){delete this[n.propFix[a]||a]})}}),n.extend({prop:function(a,b,c){var d,e,f=a.nodeType;if(3!==f&&8!==f&&2!==f)return 1===f&&n.isXMLDoc(a)||(b=n.propFix[b]||b,e=n.propHooks[b])
                                          2024-12-05 17:04:28 UTC8000INData Raw: 3d 69 5b 30 5d 26 26 69 2e 75 6e 73 68 69 66 74 28 66 29 2c 63 5b 66 5d 29 3a 76 6f 69 64 20 30 7d 66 75 6e 63 74 69 6f 6e 20 41 62 28 61 2c 62 2c 63 2c 64 29 7b 76 61 72 20 65 2c 66 2c 67 2c 68 2c 69 2c 6a 3d 7b 7d 2c 6b 3d 61 2e 64 61 74 61 54 79 70 65 73 2e 73 6c 69 63 65 28 29 3b 69 66 28 6b 5b 31 5d 29 66 6f 72 28 67 20 69 6e 20 61 2e 63 6f 6e 76 65 72 74 65 72 73 29 6a 5b 67 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 3d 61 2e 63 6f 6e 76 65 72 74 65 72 73 5b 67 5d 3b 66 3d 6b 2e 73 68 69 66 74 28 29 3b 77 68 69 6c 65 28 66 29 69 66 28 61 2e 72 65 73 70 6f 6e 73 65 46 69 65 6c 64 73 5b 66 5d 26 26 28 63 5b 61 2e 72 65 73 70 6f 6e 73 65 46 69 65 6c 64 73 5b 66 5d 5d 3d 62 29 2c 21 69 26 26 64 26 26 61 2e 64 61 74 61 46 69 6c 74 65 72 26 26 28 62 3d
                                          Data Ascii: =i[0]&&i.unshift(f),c[f]):void 0}function Ab(a,b,c,d){var e,f,g,h,i,j={},k=a.dataTypes.slice();if(k[1])for(g in a.converters)j[g.toLowerCase()]=a.converters[g];f=k.shift();while(f)if(a.responseFields[f]&&(c[a.responseFields[f]]=b),!i&&d&&a.dataFilter&&(b=


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          4192.168.2.64981891.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:27 UTC611OUTGET /user/classes/js/jqueryui.js?v=0d74b HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: */*
                                          Sec-Fetch-Site: same-origin
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: script
                                          Referer: https://ukrnic.com/~freexp/index.php
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
                                          2024-12-05 17:04:28 UTC306INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:28 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:48:58 GMT
                                          ETag: "1900222-177be-619329759354d"
                                          Accept-Ranges: bytes
                                          Content-Length: 96190
                                          Connection: close
                                          Content-Type: application/javascript
                                          2024-12-05 17:04:28 UTC7886INData Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 55 49 20 2d 20 76 31 2e 39 2e 32 20 2d 20 32 30 31 32 2d 31 31 2d 32 33 0a 2a 20 68 74 74 70 3a 2f 2f 6a 71 75 65 72 79 75 69 2e 63 6f 6d 0a 2a 20 49 6e 63 6c 75 64 65 73 3a 20 6a 71 75 65 72 79 2e 75 69 2e 63 6f 72 65 2e 6a 73 0a 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 32 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 3b 20 4c 69 63 65 6e 73 65 64 20 4d 49 54 20 2a 2f 0a 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 75 6e 63 74 69 6f 6e 20 69 28 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 2c 75 3d 74 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 72 65 74 75 72 6e 22 61 72 65 61 22 3d 3d 3d 75 3f 28 72 3d 74 2e 70 61
                                          Data Ascii: /*! jQuery UI - v1.9.2 - 2012-11-23* http://jqueryui.com* Includes: jquery.ui.core.js* Copyright 2012 jQuery Foundation and other contributors; Licensed MIT */(function(e,t){function i(t,n){var r,i,o,u=t.nodeName.toLowerCase();return"area"===u?(r=t.pa
                                          2024-12-05 17:04:28 UTC8000INData Raw: 6e 6f 6f 70 2c 5f 67 65 74 43 72 65 61 74 65 45 76 65 6e 74 44 61 74 61 3a 65 2e 6e 6f 6f 70 2c 5f 63 72 65 61 74 65 3a 65 2e 6e 6f 6f 70 2c 5f 69 6e 69 74 3a 65 2e 6e 6f 6f 70 2c 64 65 73 74 72 6f 79 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 5f 64 65 73 74 72 6f 79 28 29 2c 74 68 69 73 2e 65 6c 65 6d 65 6e 74 2e 75 6e 62 69 6e 64 28 74 68 69 73 2e 65 76 65 6e 74 4e 61 6d 65 73 70 61 63 65 29 2e 72 65 6d 6f 76 65 44 61 74 61 28 74 68 69 73 2e 77 69 64 67 65 74 4e 61 6d 65 29 2e 72 65 6d 6f 76 65 44 61 74 61 28 74 68 69 73 2e 77 69 64 67 65 74 46 75 6c 6c 4e 61 6d 65 29 2e 72 65 6d 6f 76 65 44 61 74 61 28 65 2e 63 61 6d 65 6c 43 61 73 65 28 74 68 69 73 2e 77 69 64 67 65 74 46 75 6c 6c 4e 61 6d 65 29 29 2c 74 68 69 73 2e 77 69 64 67 65 74 28 29 2e
                                          Data Ascii: noop,_getCreateEventData:e.noop,_create:e.noop,_init:e.noop,destroy:function(){this._destroy(),this.element.unbind(this.eventNamespace).removeData(this.widgetName).removeData(this.widgetFullName).removeData(e.camelCase(this.widgetFullName)),this.widget().
                                          2024-12-05 17:04:28 UTC8000INData Raw: 28 29 2c 76 3d 7b 74 6f 70 3a 67 2e 73 63 72 6f 6c 6c 54 6f 70 28 29 2c 6c 65 66 74 3a 67 2e 73 63 72 6f 6c 6c 4c 65 66 74 28 29 7d 29 3a 77 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 3f 28 74 2e 61 74 3d 22 6c 65 66 74 20 74 6f 70 22 2c 6c 3d 64 3d 30 2c 76 3d 7b 74 6f 70 3a 77 2e 70 61 67 65 59 2c 6c 65 66 74 3a 77 2e 70 61 67 65 58 7d 29 3a 28 6c 3d 67 2e 6f 75 74 65 72 57 69 64 74 68 28 29 2c 64 3d 67 2e 6f 75 74 65 72 48 65 69 67 68 74 28 29 2c 76 3d 67 2e 6f 66 66 73 65 74 28 29 29 2c 6d 3d 65 2e 65 78 74 65 6e 64 28 7b 7d 2c 76 29 2c 65 2e 65 61 63 68 28 5b 22 6d 79 22 2c 22 61 74 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 28 74 5b 74 68 69 73 5d 7c 7c 22 22 29 2e 73 70 6c 69 74 28 22 20 22 29 2c 6e 2c 72 3b 65 2e 6c 65 6e 67 74
                                          Data Ascii: (),v={top:g.scrollTop(),left:g.scrollLeft()}):w.preventDefault?(t.at="left top",l=d=0,v={top:w.pageY,left:w.pageX}):(l=g.outerWidth(),d=g.outerHeight(),v=g.offset()),m=e.extend({},v),e.each(["my","at"],function(){var e=(t[this]||"").split(" "),n,r;e.lengt
                                          2024-12-05 17:04:28 UTC8000INData Raw: 61 76 69 6f 75 72 26 26 28 6e 3d 65 2e 75 69 2e 64 64 6d 61 6e 61 67 65 72 2e 64 72 6f 70 28 74 68 69 73 2c 74 29 29 2c 74 68 69 73 2e 64 72 6f 70 70 65 64 26 26 28 6e 3d 74 68 69 73 2e 64 72 6f 70 70 65 64 2c 74 68 69 73 2e 64 72 6f 70 70 65 64 3d 21 31 29 3b 76 61 72 20 72 3d 74 68 69 73 2e 65 6c 65 6d 65 6e 74 5b 30 5d 2c 69 3d 21 31 3b 77 68 69 6c 65 28 72 26 26 28 72 3d 72 2e 70 61 72 65 6e 74 4e 6f 64 65 29 29 72 3d 3d 64 6f 63 75 6d 65 6e 74 26 26 28 69 3d 21 30 29 3b 69 66 28 21 69 26 26 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 68 65 6c 70 65 72 3d 3d 3d 22 6f 72 69 67 69 6e 61 6c 22 29 72 65 74 75 72 6e 21 31 3b 69 66 28 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 72 65 76 65 72 74 3d 3d 22 69 6e 76 61 6c 69 64 22 26 26 21 6e 7c 7c 74 68 69 73 2e 6f 70
                                          Data Ascii: aviour&&(n=e.ui.ddmanager.drop(this,t)),this.dropped&&(n=this.dropped,this.dropped=!1);var r=this.element[0],i=!1;while(r&&(r=r.parentNode))r==document&&(i=!0);if(!i&&this.options.helper==="original")return!1;if(this.options.revert=="invalid"&&!n||this.op
                                          2024-12-05 17:04:28 UTC8000INData Raw: 74 61 6e 63 65 2e 69 73 4f 76 65 72 3f 28 74 68 69 73 2e 69 6e 73 74 61 6e 63 65 2e 69 73 4f 76 65 72 3d 30 2c 72 2e 63 61 6e 63 65 6c 48 65 6c 70 65 72 52 65 6d 6f 76 61 6c 3d 21 30 2c 74 68 69 73 2e 69 6e 73 74 61 6e 63 65 2e 63 61 6e 63 65 6c 48 65 6c 70 65 72 52 65 6d 6f 76 61 6c 3d 21 31 2c 74 68 69 73 2e 73 68 6f 75 6c 64 52 65 76 65 72 74 26 26 28 74 68 69 73 2e 69 6e 73 74 61 6e 63 65 2e 6f 70 74 69 6f 6e 73 2e 72 65 76 65 72 74 3d 21 30 29 2c 74 68 69 73 2e 69 6e 73 74 61 6e 63 65 2e 5f 6d 6f 75 73 65 53 74 6f 70 28 74 29 2c 74 68 69 73 2e 69 6e 73 74 61 6e 63 65 2e 6f 70 74 69 6f 6e 73 2e 68 65 6c 70 65 72 3d 74 68 69 73 2e 69 6e 73 74 61 6e 63 65 2e 6f 70 74 69 6f 6e 73 2e 5f 68 65 6c 70 65 72 2c 72 2e 6f 70 74 69 6f 6e 73 2e 68 65 6c 70 65 72
                                          Data Ascii: tance.isOver?(this.instance.isOver=0,r.cancelHelperRemoval=!0,this.instance.cancelHelperRemoval=!1,this.shouldRevert&&(this.instance.options.revert=!0),this.instance._mouseStop(t),this.instance.options.helper=this.instance.options._helper,r.options.helper
                                          2024-12-05 17:04:28 UTC8000INData Raw: 6e 22 29 3b 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 2e 62 75 74 74 6f 6e 28 22 72 65 66 72 65 73 68 22 29 7d 2c 31 29 7d 2c 6c 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 74 2e 6e 61 6d 65 2c 72 3d 74 2e 66 6f 72 6d 2c 69 3d 65 28 5b 5d 29 3b 72 65 74 75 72 6e 20 6e 26 26 28 72 3f 69 3d 65 28 72 29 2e 66 69 6e 64 28 22 5b 6e 61 6d 65 3d 27 22 2b 6e 2b 22 27 5d 22 29 3a 69 3d 65 28 22 5b 6e 61 6d 65 3d 27 22 2b 6e 2b 22 27 5d 22 2c 74 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 29 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 74 68 69 73 2e 66 6f 72 6d 7d 29 29 2c 69 7d 3b 65 2e 77 69 64 67 65 74 28 22 75 69 2e 62 75 74 74 6f 6e 22 2c 7b 76 65 72 73 69 6f 6e 3a 22 31 2e 39 2e 32 22 2c
                                          Data Ascii: n");setTimeout(function(){t.button("refresh")},1)},l=function(t){var n=t.name,r=t.form,i=e([]);return n&&(r?i=e(r).find("[name='"+n+"']"):i=e("[name='"+n+"']",t.ownerDocument).filter(function(){return!this.form})),i};e.widget("ui.button",{version:"1.9.2",
                                          2024-12-05 17:04:28 UTC8000INData Raw: 2e 7a 49 6e 64 65 78 7d 29 2e 61 74 74 72 28 22 74 61 62 49 6e 64 65 78 22 2c 2d 31 29 2e 6b 65 79 64 6f 77 6e 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 2e 63 6c 6f 73 65 4f 6e 45 73 63 61 70 65 26 26 21 6e 2e 69 73 44 65 66 61 75 6c 74 50 72 65 76 65 6e 74 65 64 28 29 26 26 6e 2e 6b 65 79 43 6f 64 65 26 26 6e 2e 6b 65 79 43 6f 64 65 3d 3d 3d 65 2e 75 69 2e 6b 65 79 43 6f 64 65 2e 45 53 43 41 50 45 26 26 28 74 2e 63 6c 6f 73 65 28 6e 29 2c 6e 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 29 7d 29 2e 6d 6f 75 73 65 64 6f 77 6e 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 2e 6d 6f 76 65 54 6f 54 6f 70 28 21 31 2c 65 29 7d 29 2e 61 70 70 65 6e 64 54 6f 28 22 62 6f 64 79 22 29 2c 74 68 69 73 2e 65 6c 65 6d 65 6e 74 2e 73 68 6f 77 28 29 2e 72 65 6d 6f 76 65
                                          Data Ascii: .zIndex}).attr("tabIndex",-1).keydown(function(n){r.closeOnEscape&&!n.isDefaultPrevented()&&n.keyCode&&n.keyCode===e.ui.keyCode.ESCAPE&&(t.close(n),n.preventDefault())}).mousedown(function(e){t.moveToTop(!1,e)}).appendTo("body"),this.element.show().remove
                                          2024-12-05 17:04:28 UTC8000INData Raw: 6e 63 65 73 3a 5b 5d 2c 6d 61 78 5a 3a 30 2c 65 76 65 6e 74 73 3a 65 2e 6d 61 70 28 22 66 6f 63 75 73 2c 6d 6f 75 73 65 64 6f 77 6e 2c 6d 6f 75 73 65 75 70 2c 6b 65 79 64 6f 77 6e 2c 6b 65 79 70 72 65 73 73 2c 63 6c 69 63 6b 22 2e 73 70 6c 69 74 28 22 2c 22 29 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2b 22 2e 64 69 61 6c 6f 67 2d 6f 76 65 72 6c 61 79 22 7d 29 2e 6a 6f 69 6e 28 22 20 22 29 2c 63 72 65 61 74 65 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 68 69 73 2e 69 6e 73 74 61 6e 63 65 73 2e 6c 65 6e 67 74 68 3d 3d 3d 30 26 26 28 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 65 2e 75 69 2e 64 69 61 6c 6f 67 2e 6f 76 65 72 6c 61 79 2e 69 6e 73 74 61 6e 63 65 73 2e 6c 65 6e 67 74 68 26 26 65 28 64 6f 63 75 6d 65 6e
                                          Data Ascii: nces:[],maxZ:0,events:e.map("focus,mousedown,mouseup,keydown,keypress,click".split(","),function(e){return e+".dialog-overlay"}).join(" "),create:function(t){this.instances.length===0&&(setTimeout(function(){e.ui.dialog.overlay.instances.length&&e(documen
                                          2024-12-05 17:04:28 UTC8000INData Raw: 70 61 72 65 6e 74 22 3a 74 68 69 73 2e 74 6f 52 67 62 61 53 74 72 69 6e 67 28 29 7d 7d 29 2c 6f 2e 66 6e 2e 70 61 72 73 65 2e 70 72 6f 74 6f 74 79 70 65 3d 6f 2e 66 6e 2c 75 2e 68 73 6c 61 2e 74 6f 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 65 5b 30 5d 3d 3d 6e 75 6c 6c 7c 7c 65 5b 31 5d 3d 3d 6e 75 6c 6c 7c 7c 65 5b 32 5d 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 65 5b 33 5d 5d 3b 76 61 72 20 74 3d 65 5b 30 5d 2f 32 35 35 2c 6e 3d 65 5b 31 5d 2f 32 35 35 2c 72 3d 65 5b 32 5d 2f 32 35 35 2c 69 3d 65 5b 33 5d 2c 73 3d 4d 61 74 68 2e 6d 61 78 28 74 2c 6e 2c 72 29 2c 6f 3d 4d 61 74 68 2e 6d 69 6e 28 74 2c 6e 2c 72 29 2c 75 3d 73 2d 6f 2c 61 3d 73 2b 6f 2c 66 3d 61 2a 2e 35 2c 6c 2c 63 3b 72 65 74 75 72 6e 20
                                          Data Ascii: parent":this.toRgbaString()}}),o.fn.parse.prototype=o.fn,u.hsla.to=function(e){if(e[0]==null||e[1]==null||e[2]==null)return[null,null,null,e[3]];var t=e[0]/255,n=e[1]/255,r=e[2]/255,i=e[3],s=Math.max(t,n,r),o=Math.min(t,n,r),u=s-o,a=s+o,f=a*.5,l,c;return
                                          2024-12-05 17:04:28 UTC8000INData Raw: 74 29 7b 72 65 74 75 72 6e 20 4d 61 74 68 2e 70 6f 77 28 74 2c 65 2b 32 29 7d 7d 29 2c 65 2e 65 78 74 65 6e 64 28 74 2c 7b 53 69 6e 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 2d 4d 61 74 68 2e 63 6f 73 28 65 2a 4d 61 74 68 2e 50 49 2f 32 29 7d 2c 43 69 72 63 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 2d 4d 61 74 68 2e 73 71 72 74 28 31 2d 65 2a 65 29 7d 2c 45 6c 61 73 74 69 63 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 3d 3d 3d 30 7c 7c 65 3d 3d 3d 31 3f 65 3a 2d 4d 61 74 68 2e 70 6f 77 28 32 2c 38 2a 28 65 2d 31 29 29 2a 4d 61 74 68 2e 73 69 6e 28 28 28 65 2d 31 29 2a 38 30 2d 37 2e 35 29 2a 4d 61 74 68 2e 50 49 2f 31 35 29 7d 2c 42 61 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75
                                          Data Ascii: t){return Math.pow(t,e+2)}}),e.extend(t,{Sine:function(e){return 1-Math.cos(e*Math.PI/2)},Circ:function(e){return 1-Math.sqrt(1-e*e)},Elastic:function(e){return e===0||e===1?e:-Math.pow(2,8*(e-1))*Math.sin(((e-1)*80-7.5)*Math.PI/15)},Back:function(e){retu


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          5192.168.2.64982891.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:30 UTC682OUTGET /templates/ukrnic/images/head_bg.jpg HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: same-origin
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Referer: https://ukrnic.com/templates/ukrnic/css/style.css
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
                                          2024-12-05 17:04:30 UTC291INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:30 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:42:28 GMT
                                          ETag: "1d8114e-4ca-61932801d541a"
                                          Accept-Ranges: bytes
                                          Content-Length: 1226
                                          Connection: close
                                          Content-Type: image/jpeg
                                          2024-12-05 17:04:30 UTC1226INData Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 3c 00 00 ff e1 03 29 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d
                                          Data Ascii: ExifII*Ducky<)http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xm


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          6192.168.2.64982991.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:30 UTC666OUTGET /templates/ukrnic/images/logo.png HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: same-origin
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Referer: https://ukrnic.com/~freexp/index.php
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
                                          2024-12-05 17:04:30 UTC292INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:30 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:42:28 GMT
                                          ETag: "1d8115a-2992-61932801f6f2a"
                                          Accept-Ranges: bytes
                                          Content-Length: 10642
                                          Connection: close
                                          Content-Type: image/png
                                          2024-12-05 17:04:30 UTC7900INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 21 00 00 00 42 08 06 00 00 00 18 0a 60 5b 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 20 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20
                                          Data Ascii: PNGIHDR!B`[tEXtSoftwareAdobe ImageReadyqe< iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00
                                          2024-12-05 17:04:30 UTC2742INData Raw: c1 c5 75 5f b4 6e 02 77 2f 0c 4c bc 1d 62 63 63 dd 0b 38 31 4e a5 b0 7a 75 40 7e 08 95 4d c8 17 39 9c 8d f0 5d 61 2e 94 d7 7f 0f 63 33 17 89 c6 5a dc 1e 39 3e 9e fe ea 74 0f c1 c9 ca a1 50 ee 58 01 ce 20 8d d6 e1 9c e7 a9 27 e5 a0 6a 17 10 b5 e6 21 3a 27 fd 07 a5 b8 be 7f 84 51 d3 f5 5d 65 ff 67 c0 d8 04 fb fe b5 18 46 de b1 54 ae ab 1d 6b d6 8f 4d cf 9c 52 30 76 f5 d9 1d f1 bc e5 ff 62 74 50 b3 e2 d6 fe ef 12 a0 70 41 68 f2 50 53 41 66 c6 a7 a7 1f ab 6a b2 aa aa f9 5e bf 2f 6c 56 a5 9f ae f3 7a 1d 02 e6 a6 25 ab a1 75 b7 0d cf cd 0f 03 0d 94 82 92 67 61 52 f4 0a 77 0e 19 dc e2 46 a5 ba 13 6a 6b 27 91 d9 7e 1b 34 bb 8a 69 2c 48 0b bf 27 a4 3d af 12 e2 c0 28 64 83 96 ef 4d f4 d1 49 74 c9 04 16 5c c7 85 b6 17 54 1b 0f 9f 5e 03 56 47 79 d8 80 90 7b 86 aa fa
                                          Data Ascii: u_nw/Lbcc81Nzu@~M9]a.c3Z9>tPX 'j!:'Q]egFTkMR0vbtPpAhPSAfj^/lVz%ugaRwFjk'~4i,H'=(dMIt\T^VGy{


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          7192.168.2.64983291.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:30 UTC668OUTGET /templates/ukrnic/images/head_l.jpg HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: same-origin
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Referer: https://ukrnic.com/~freexp/index.php
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
                                          2024-12-05 17:04:30 UTC291INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:30 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:42:28 GMT
                                          ETag: "1d8114f-53b-61932801da622"
                                          Accept-Ranges: bytes
                                          Content-Length: 1339
                                          Connection: close
                                          Content-Type: image/jpeg
                                          2024-12-05 17:04:30 UTC1339INData Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 3c 00 00 ff e1 03 29 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d
                                          Data Ascii: ExifII*Ducky<)http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xm


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          8192.168.2.64983191.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:30 UTC668OUTGET /templates/ukrnic/images/head_r.jpg HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: same-origin
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Referer: https://ukrnic.com/~freexp/index.php
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
                                          2024-12-05 17:04:31 UTC291INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:30 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:42:28 GMT
                                          ETag: "1d81150-97f-61932801dadf2"
                                          Accept-Ranges: bytes
                                          Content-Length: 2431
                                          Connection: close
                                          Content-Type: image/jpeg
                                          2024-12-05 17:04:31 UTC2431INData Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 3c 00 00 ff e1 03 29 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d
                                          Data Ascii: ExifII*Ducky<)http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xm


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          9192.168.2.64983391.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:30 UTC669OUTGET /templates/ukrnic/images/liqpay6.png HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: same-origin
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Referer: https://ukrnic.com/~freexp/index.php
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
                                          2024-12-05 17:04:31 UTC291INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:30 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:42:28 GMT
                                          ETag: "1d81158-201e-61932801efde2"
                                          Accept-Ranges: bytes
                                          Content-Length: 8222
                                          Connection: close
                                          Content-Type: image/png
                                          2024-12-05 17:04:31 UTC7901INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 c8 00 00 00 1b 08 06 00 00 00 39 f2 c0 1f 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 1f b3 49 44 41 54 78 5e ed 5c 77 60 15 c5 fa 3d e9 95 f4 9e 90 40 42 42 20 40 90 1e 42 95 22 1d 69 4a 11 11 44 b1 2b a2 4f 8a 02 0a 88 a2 80 0f 2c 20 0a 22 1d 94 5e 04 21 94 50 12 7a 09 69 a4 91 de 7b af bf f3 ed bd d7 14 8a c0 e3 f7 9e 7f 70 60 d8 dd 99 d9 99 dd 99 af 9c 6f 66 2f 5a 35 04 9e e0 09 fe cb a8 2e 2f 47 59 42 02 f2 4e 9e 44 5e 60 20 f2 7f f9 05 d5 cc d7 52 15 2b d0 71 74 84 f5 ab af c2 ac 63 47 98 75 ef 0e 5d 33 33 75 c9 5d 50 94 02 a4 5d 06 22 0e 02 29 db 81 92 4c 75 81 1a 86 bc d7 66 08 d0
                                          Data Ascii: PNGIHDR9sRGBgAMAapHYs+IDATx^\w`=@BB @B"iJD+O, "^!Pzi{p`of/Z5./GYBND^` R+qtcGu]33u]P]")Luf
                                          2024-12-05 17:04:31 UTC321INData Raw: 36 e3 a1 73 aa 55 2d 51 7e d9 e7 95 57 68 28 d5 9a 3c 8d b7 13 e5 70 6c 03 74 9b 0f d4 f9 51 5c 43 fc cf 15 44 83 2a 5a 28 1d 1d b1 62 4f f0 50 08 65 1c 18 b5 89 5e 82 de c2 94 6e c2 82 93 6e 4d 3a 6c e5 4b a1 61 d0 69 d6 9c 12 48 e9 79 dc 8b 04 22 36 12 08 94 52 51 64 03 56 56 2d ad 7c f8 0c 2e ea 0a f7 86 fc 4e 3d 7b d7 2e 64 fc f0 03 8a c2 c2 14 99 15 21 14 d9 96 24 10 65 d0 a8 ab ec eb 58 8d 1d 0b 9b 97 5f 86 79 97 ce d0 31 aa f3 2e f2 a3 b7 d8 83 aa ff 17 2b f5 74 ed aa 94 86 36 0a c4 7b 8a 03 94 7c b9 d5 96 d4 d8 87 54 d0 63 08 9f f7 fe cb fa ff 18 05 79 82 87 40 7e 24 10 b2 00 48 da 03 b8 4c a1 59 ed 08 c8 4f a5 8d 28 9c 12 43 69 7e 38 f2 0f 47 75 69 29 4a a2 a3 51 42 25 29 bc 7a 15 e5 49 49 28 09 8f 84 96 a9 31 8c bd bc 60 e0 d2 18 e6 bd 7a c2 d0
                                          Data Ascii: 6sU-Q~Wh(<pltQ\CD*Z(bOPe^nnM:lKaiHy"6RQdVV-|.N={.d!$eX_y1.+t6{|Tcy@~$HLYO(Ci~8Gui)JQB%)zII(1`z


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          10192.168.2.64983591.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:30 UTC609OUTGET /user/classes/js/dle_js.js?v=0d74b HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: */*
                                          Sec-Fetch-Site: same-origin
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: script
                                          Referer: https://ukrnic.com/~freexp/index.php
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
                                          2024-12-05 17:04:31 UTC305INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:30 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:48:58 GMT
                                          ETag: "190021f-9857-619329758db75"
                                          Accept-Ranges: bytes
                                          Content-Length: 38999
                                          Connection: close
                                          Content-Type: application/javascript
                                          2024-12-05 17:04:31 UTC7887INData Raw: 76 61 72 20 63 5f 63 61 63 68 65 3d 5b 5d 2c 64 6c 65 5f 70 6f 6c 6c 5f 76 6f 74 65 64 3d 5b 5d 3b 66 75 6e 63 74 69 6f 6e 20 72 65 6c 6f 61 64 28 29 7b 76 61 72 20 65 3d 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 3b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 64 6c 65 2d 63 61 70 74 63 68 61 22 29 2e 69 6e 6e 65 72 48 54 4d 4c 3d 27 3c 69 6d 67 20 73 72 63 3d 22 27 2b 64 6c 65 5f 72 6f 6f 74 2b 22 65 6e 67 69 6e 65 2f 6d 6f 64 75 6c 65 73 2f 61 6e 74 69 62 6f 74 2f 61 6e 74 69 62 6f 74 2e 70 68 70 3f 72 6e 64 76 61 6c 3d 22 2b 65 2b 27 22 20 77 69 64 74 68 3d 22 31 36 30 22 20 68 65 69 67 68 74 3d 22 38 30 22 20 61 6c 74 3d 22 22 20 2f 3e 27 7d 66 75 6e 63 74 69 6f 6e 20 64 6c 65 5f 63 68 61 6e 67 65 5f 73
                                          Data Ascii: var c_cache=[],dle_poll_voted=[];function reload(){var e=(new Date).getTime();document.getElementById("dle-captcha").innerHTML='<img src="'+dle_root+"user/modules/antibot/antibot.php?rndval="+e+'" width="160" height="80" alt="" />'}function dle_change_s
                                          2024-12-05 17:04:31 UTC8000INData Raw: 74 29 29 3a 22 32 22 3d 3d 64 6c 65 5f 63 61 70 74 63 68 61 5f 74 79 70 65 26 26 28 6c 3d 24 28 22 23 70 6d 2d 72 65 63 61 70 74 63 68 61 2d 72 65 73 70 6f 6e 73 65 22 29 2e 76 61 6c 28 29 29 2c 64 3d 64 7c 7c 30 2c 6e 3d 6e 7c 7c 22 22 2c 69 3d 69 7c 7c 22 22 2c 53 68 6f 77 4c 6f 61 64 69 6e 67 28 22 22 29 2c 24 2e 70 6f 73 74 28 64 6c 65 5f 72 6f 6f 74 2b 22 65 6e 67 69 6e 65 2f 61 6a 61 78 2f 63 6f 6e 74 72 6f 6c 6c 65 72 2e 70 68 70 3f 6d 6f 64 3d 70 6d 22 2c 7b 61 63 74 69 6f 6e 3a 22 73 65 6e 64 5f 70 6d 22 2c 73 75 62 6a 3a 65 2c 63 6f 6d 6d 65 6e 74 73 3a 6f 2c 6e 61 6d 65 3a 74 2c 73 6b 69 6e 3a 64 6c 65 5f 73 6b 69 6e 2c 73 65 63 5f 63 6f 64 65 3a 6e 2c 71 75 65 73 74 69 6f 6e 5f 61 6e 73 77 65 72 3a 69 2c 67 5f 72 65 63 61 70 74 63 68 61 5f 72
                                          Data Ascii: t)):"2"==dle_captcha_type&&(l=$("#pm-recaptcha-response").val()),d=d||0,n=n||"",i=i||"",ShowLoading(""),$.post(dle_root+"user/ajax/controller.php?mod=pm",{action:"send_pm",subj:e,comments:o,name:t,skin:dle_skin,sec_code:n,question_answer:i,g_recaptcha_r
                                          2024-12-05 17:04:31 UTC8000INData Raw: 72 74 3a 6f 2c 6e 65 77 73 5f 69 64 3a 74 2c 73 6b 69 6e 3a 64 6c 65 5f 73 6b 69 6e 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 48 69 64 65 4c 6f 61 64 69 6e 67 28 22 22 29 2c 69 73 4e 61 4e 28 6f 29 7c 7c 69 73 4e 61 4e 28 74 29 7c 7c 28 24 28 22 23 64 6c 65 2d 63 6f 6d 6d 2d 6c 69 6e 6b 22 29 2e 6f 66 66 28 22 63 6c 69 63 6b 22 29 2c 24 28 22 23 64 6c 65 2d 63 6f 6d 6d 2d 6c 69 6e 6b 22 29 2e 6f 6e 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 43 6f 6d 6d 65 6e 74 73 50 61 67 65 28 6f 2c 74 29 2c 21 31 7d 29 29 2c 73 63 72 6f 6c 6c 28 30 2c 24 28 22 23 64 6c 65 2d 63 6f 6d 6d 65 6e 74 73 2d 6c 69 73 74 22 29 2e 6f 66 66 73 65 74 28 29 2e 74 6f 70 2d 31 30 30 29 2c 24 28 22 23 64 6c 65 2d 63 6f 6d 6d 65 6e 74 73 2d 6c 69
                                          Data Ascii: rt:o,news_id:t,skin:dle_skin},function(e){HideLoading(""),isNaN(o)||isNaN(t)||($("#dle-comm-link").off("click"),$("#dle-comm-link").on("click",function(){return CommentsPage(o,t),!1})),scroll(0,$("#dle-comments-list").offset().top-100),$("#dle-comments-li
                                          2024-12-05 17:04:31 UTC8000INData Raw: 3e 3c 74 65 78 74 61 72 65 61 20 6e 61 6d 65 3d 27 64 6c 65 2d 70 72 6f 6d 74 2d 74 65 78 74 27 20 69 64 3d 27 64 6c 65 2d 70 72 6f 6d 74 2d 74 65 78 74 27 20 63 6c 61 73 73 3d 27 75 69 2d 77 69 64 67 65 74 2d 63 6f 6e 74 65 6e 74 20 75 69 2d 63 6f 72 6e 65 72 2d 61 6c 6c 27 20 73 74 79 6c 65 3d 27 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 34 30 70 78 3b 27 3e 3c 2f 74 65 78 74 61 72 65 61 3e 22 2b 6f 2b 22 3c 2f 64 69 76 3e 22 29 2c 24 28 22 23 64 6c 65 63 6f 6d 70 6c 61 69 6e 74 22 29 2e 64 69 61 6c 6f 67 28 7b 61 75 74 6f 4f 70 65 6e 3a 21 30 2c 77 69 64 74 68 3a 36 30 30 2c 72 65 73 69 7a 61 62 6c 65 3a 21 31 2c 64 69 61 6c 6f 67 43 6c 61 73 73 3a 22 6d 6f 64 61 6c 66 69 78 65 64 20 64 6c 65 2d 70 6f 70 75 70 2d 63 6f 6d 70 6c 61 69 6e
                                          Data Ascii: ><textarea name='dle-promt-text' id='dle-promt-text' class='ui-widget-content ui-corner-all' style='width:100%;height:140px;'></textarea>"+o+"</div>"),$("#dlecomplaint").dialog({autoOpen:!0,width:600,resizable:!1,dialogClass:"modalfixed dle-popup-complain
                                          2024-12-05 17:04:31 UTC7112INData Raw: 75 74 28 35 30 30 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 24 28 74 68 69 73 29 2e 68 74 6d 6c 28 65 29 2c 24 28 74 68 69 73 29 2e 66 61 64 65 49 6e 28 35 30 30 29 7d 29 7d 29 29 2c 21 31 7d 66 75 6e 63 74 69 6f 6e 20 41 64 64 49 67 6e 6f 72 65 50 4d 28 65 2c 6f 29 7b 44 4c 45 63 6f 6e 66 69 72 6d 28 6f 2c 64 6c 65 5f 63 6f 6e 66 69 72 6d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 53 68 6f 77 4c 6f 61 64 69 6e 67 28 22 22 29 2c 24 2e 67 65 74 28 64 6c 65 5f 72 6f 6f 74 2b 22 65 6e 67 69 6e 65 2f 61 6a 61 78 2f 63 6f 6e 74 72 6f 6c 6c 65 72 2e 70 68 70 3f 6d 6f 64 3d 70 6d 22 2c 7b 69 64 3a 65 2c 61 63 74 69 6f 6e 3a 22 61 64 64 5f 69 67 6e 6f 72 65 22 2c 73 6b 69 6e 3a 64 6c 65 5f 73 6b 69 6e 2c 75 73 65 72 5f 68 61 73 68 3a 64 6c 65 5f 6c 6f 67 69 6e 5f 68 61 73 68
                                          Data Ascii: ut(500,function(){$(this).html(e),$(this).fadeIn(500)})})),!1}function AddIgnorePM(e,o){DLEconfirm(o,dle_confirm,function(){ShowLoading(""),$.get(dle_root+"user/ajax/controller.php?mod=pm",{id:e,action:"add_ignore",skin:dle_skin,user_hash:dle_login_hash


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          11192.168.2.64983691.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:30 UTC421OUTGET /user/classes/js/jquery.js?v=0d74b HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
                                          2024-12-05 17:04:31 UTC306INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:30 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:48:58 GMT
                                          ETag: "1900220-14e4a-619329758fe9d"
                                          Accept-Ranges: bytes
                                          Content-Length: 85578
                                          Connection: close
                                          Content-Type: application/javascript
                                          2024-12-05 17:04:31 UTC7886INData Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 32 2e 32 2e 34 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 69 74 68 20 61 20 64 6f 63 75 6d 65 6e
                                          Data Ascii: /*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a documen
                                          2024-12-05 17:04:31 UTC8000INData Raw: 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 3d 62 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 72 65 74 75 72 6e 28 22 69 6e 70 75 74 22 3d 3d 3d 63 7c 7c 22 62 75 74 74 6f 6e 22 3d 3d 3d 63 29 26 26 62 2e 74 79 70 65 3d 3d 3d 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 6e 61 28 61 29 7b 72 65 74 75 72 6e 20 68 61 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 3d 2b 62 2c 68 61 28 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 65 2c 66 3d 61 28 5b 5d 2c 63 2e 6c 65 6e 67 74 68 2c 62 29 2c 67 3d 66 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 67 2d 2d 29 63 5b 65 3d 66 5b 67 5d 5d 26 26 28 63 5b 65 5d 3d 21 28 64 5b 65 5d 3d 63 5b 65 5d 29 29 7d 29 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 6f 61
                                          Data Ascii: return function(b){var c=b.nodeName.toLowerCase();return("input"===c||"button"===c)&&b.type===a}}function na(a){return ha(function(b){return b=+b,ha(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e]=c[e]))})})}function oa
                                          2024-12-05 17:04:31 UTC8000INData Raw: 5b 64 5d 3d 66 5b 67 5d 29 7d 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 65 28 61 2c 30 2c 63 29 7d 29 3a 65 7d 7d 2c 70 73 65 75 64 6f 73 3a 7b 6e 6f 74 3a 68 61 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 5b 5d 2c 63 3d 5b 5d 2c 64 3d 68 28 61 2e 72 65 70 6c 61 63 65 28 51 2c 22 24 31 22 29 29 3b 72 65 74 75 72 6e 20 64 5b 75 5d 3f 68 61 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 65 29 7b 76 61 72 20 66 2c 67 3d 64 28 61 2c 6e 75 6c 6c 2c 65 2c 5b 5d 29 2c 68 3d 61 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 68 2d 2d 29 28 66 3d 67 5b 68 5d 29 26 26 28 61 5b 68 5d 3d 21 28 62 5b 68 5d 3d 66 29 29 7d 29 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 65 2c 66 29 7b 72 65 74 75 72 6e 20 62 5b 30 5d 3d 61 2c 64 28 62 2c 6e 75 6c 6c
                                          Data Ascii: [d]=f[g])}):function(a){return e(a,0,c)}):e}},pseudos:{not:ha(function(a){var b=[],c=[],d=h(a.replace(Q,"$1"));return d[u]?ha(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null
                                          2024-12-05 17:04:31 UTC8000INData Raw: 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 6e 28 61 29 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 62 3d 30 3b 63 3e 62 3b 62 2b 2b 29 69 66 28 6e 2e 63 6f 6e 74 61 69 6e 73 28 65 5b 62 5d 2c 74 68 69 73 29 29 72 65 74 75 72 6e 21 30 7d 29 29 3b 66 6f 72 28 62 3d 30 3b 63 3e 62 3b 62 2b 2b 29 6e 2e 66 69 6e 64 28 61 2c 65 5b 62 5d 2c 64 29 3b 72 65 74 75 72 6e 20 64 3d 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 63 3e 31 3f 6e 2e 75 6e 69 71 75 65 28 64 29 3a 64 29 2c 64 2e 73 65 6c 65 63 74 6f 72 3d 74 68 69 73 2e 73 65 6c 65 63 74 6f 72 3f 74 68 69 73 2e 73 65 6c 65 63 74 6f 72 2b 22 20 22 2b 61 3a 61 2c 64 7d 2c 66 69 6c 74 65 72 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53
                                          Data Ascii: n this.pushStack(n(a).filter(function(){for(b=0;c>b;b++)if(n.contains(e[b],this))return!0}));for(b=0;c>b;b++)n.find(a,e[b],d);return d=this.pushStack(c>1?n.unique(d):d),d.selector=this.selector?this.selector+" "+a:a,d},filter:function(a){return this.pushS
                                          2024-12-05 17:04:31 UTC8000INData Raw: 24 2f 2c 51 3d 2f 5b 41 2d 5a 5d 2f 67 3b 66 75 6e 63 74 69 6f 6e 20 52 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3b 69 66 28 76 6f 69 64 20 30 3d 3d 3d 63 26 26 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 69 66 28 64 3d 22 64 61 74 61 2d 22 2b 62 2e 72 65 70 6c 61 63 65 28 51 2c 22 2d 24 26 22 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 63 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 64 29 2c 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 63 29 7b 74 72 79 7b 63 3d 22 74 72 75 65 22 3d 3d 3d 63 3f 21 30 3a 22 66 61 6c 73 65 22 3d 3d 3d 63 3f 21 31 3a 22 6e 75 6c 6c 22 3d 3d 3d 63 3f 6e 75 6c 6c 3a 2b 63 2b 22 22 3d 3d 3d 63 3f 2b 63 3a 50 2e 74 65 73 74 28 63 29 3f 6e 2e 70 61 72 73 65 4a 53 4f 4e 28 63 29 3a 63 3b 0a 7d 63 61 74 63 68 28 65 29
                                          Data Ascii: $/,Q=/[A-Z]/g;function R(a,b,c){var d;if(void 0===c&&1===a.nodeType)if(d="data-"+b.replace(Q,"-$&").toLowerCase(),c=a.getAttribute(d),"string"==typeof c){try{c="true"===c?!0:"false"===c?!1:"null"===c?null:+c+""===c?+c:P.test(c)?n.parseJSON(c):c;}catch(e)
                                          2024-12-05 17:04:31 UTC8000INData Raw: 74 3b 69 66 28 68 26 26 69 2e 6e 6f 64 65 54 79 70 65 26 26 28 22 63 6c 69 63 6b 22 21 3d 3d 61 2e 74 79 70 65 7c 7c 69 73 4e 61 4e 28 61 2e 62 75 74 74 6f 6e 29 7c 7c 61 2e 62 75 74 74 6f 6e 3c 31 29 29 66 6f 72 28 3b 69 21 3d 3d 74 68 69 73 3b 69 3d 69 2e 70 61 72 65 6e 74 4e 6f 64 65 7c 7c 74 68 69 73 29 69 66 28 31 3d 3d 3d 69 2e 6e 6f 64 65 54 79 70 65 26 26 28 69 2e 64 69 73 61 62 6c 65 64 21 3d 3d 21 30 7c 7c 22 63 6c 69 63 6b 22 21 3d 3d 61 2e 74 79 70 65 29 29 7b 66 6f 72 28 64 3d 5b 5d 2c 63 3d 30 3b 68 3e 63 3b 63 2b 2b 29 66 3d 62 5b 63 5d 2c 65 3d 66 2e 73 65 6c 65 63 74 6f 72 2b 22 20 22 2c 76 6f 69 64 20 30 3d 3d 3d 64 5b 65 5d 26 26 28 64 5b 65 5d 3d 66 2e 6e 65 65 64 73 43 6f 6e 74 65 78 74 3f 6e 28 65 2c 74 68 69 73 29 2e 69 6e 64 65 78
                                          Data Ascii: t;if(h&&i.nodeType&&("click"!==a.type||isNaN(a.button)||a.button<1))for(;i!==this;i=i.parentNode||this)if(1===i.nodeType&&(i.disabled!==!0||"click"!==a.type)){for(d=[],c=0;h>c;c++)f=b[c],e=f.selector+" ",void 0===d[e]&&(d[e]=f.needsContext?n(e,this).index
                                          2024-12-05 17:04:31 UTC8000INData Raw: 69 73 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 6e 2e 69 6e 41 72 72 61 79 28 74 68 69 73 2c 61 29 3c 30 26 26 28 6e 2e 63 6c 65 61 6e 44 61 74 61 28 5f 28 74 68 69 73 29 29 2c 63 26 26 63 2e 72 65 70 6c 61 63 65 43 68 69 6c 64 28 62 2c 74 68 69 73 29 29 7d 2c 61 29 7d 7d 29 2c 6e 2e 65 61 63 68 28 7b 61 70 70 65 6e 64 54 6f 3a 22 61 70 70 65 6e 64 22 2c 70 72 65 70 65 6e 64 54 6f 3a 22 70 72 65 70 65 6e 64 22 2c 69 6e 73 65 72 74 42 65 66 6f 72 65 3a 22 62 65 66 6f 72 65 22 2c 69 6e 73 65 72 74 41 66 74 65 72 3a 22 61 66 74 65 72 22 2c 72 65 70 6c 61 63 65 41 6c 6c 3a 22 72 65 70 6c 61 63 65 57 69 74 68 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 6e 2e 66 6e 5b 61 5d 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 6f 72 28 76 61 72 20 63 2c 64 3d 5b 5d 2c 65
                                          Data Ascii: is.parentNode;n.inArray(this,a)<0&&(n.cleanData(_(this)),c&&c.replaceChild(b,this))},a)}}),n.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(a,b){n.fn[a]=function(a){for(var c,d=[],e
                                          2024-12-05 17:04:31 UTC8000INData Raw: 6e 69 74 29 7d 7d 7d 2c 52 61 2e 70 72 6f 70 48 6f 6f 6b 73 2e 73 63 72 6f 6c 6c 54 6f 70 3d 52 61 2e 70 72 6f 70 48 6f 6f 6b 73 2e 73 63 72 6f 6c 6c 4c 65 66 74 3d 7b 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 2e 65 6c 65 6d 2e 6e 6f 64 65 54 79 70 65 26 26 61 2e 65 6c 65 6d 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 28 61 2e 65 6c 65 6d 5b 61 2e 70 72 6f 70 5d 3d 61 2e 6e 6f 77 29 7d 7d 2c 6e 2e 65 61 73 69 6e 67 3d 7b 6c 69 6e 65 61 72 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7d 2c 73 77 69 6e 67 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 2e 35 2d 4d 61 74 68 2e 63 6f 73 28 61 2a 4d 61 74 68 2e 50 49 29 2f 32 7d 2c 5f 64 65 66 61 75 6c 74 3a 22 73 77 69 6e 67 22 7d 2c 6e 2e 66 78 3d 52 61 2e 70 72 6f 74 6f 74 79
                                          Data Ascii: nit)}}},Ra.propHooks.scrollTop=Ra.propHooks.scrollLeft={set:function(a){a.elem.nodeType&&a.elem.parentNode&&(a.elem[a.prop]=a.now)}},n.easing={linear:function(a){return a},swing:function(a){return.5-Math.cos(a*Math.PI)/2},_default:"swing"},n.fx=Ra.prototy
                                          2024-12-05 17:04:31 UTC8000INData Raw: 70 72 6f 70 2c 61 2c 62 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3e 31 29 7d 2c 72 65 6d 6f 76 65 50 72 6f 70 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 74 68 69 73 5b 6e 2e 70 72 6f 70 46 69 78 5b 61 5d 7c 7c 61 5d 7d 29 7d 7d 29 2c 6e 2e 65 78 74 65 6e 64 28 7b 70 72 6f 70 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 2c 65 2c 66 3d 61 2e 6e 6f 64 65 54 79 70 65 3b 69 66 28 33 21 3d 3d 66 26 26 38 21 3d 3d 66 26 26 32 21 3d 3d 66 29 72 65 74 75 72 6e 20 31 3d 3d 3d 66 26 26 6e 2e 69 73 58 4d 4c 44 6f 63 28 61 29 7c 7c 28 62 3d 6e 2e 70 72 6f 70 46 69 78 5b 62 5d 7c 7c 62 2c 65 3d 6e 2e 70 72 6f 70 48 6f 6f 6b 73 5b 62 5d 29
                                          Data Ascii: prop,a,b,arguments.length>1)},removeProp:function(a){return this.each(function(){delete this[n.propFix[a]||a]})}}),n.extend({prop:function(a,b,c){var d,e,f=a.nodeType;if(3!==f&&8!==f&&2!==f)return 1===f&&n.isXMLDoc(a)||(b=n.propFix[b]||b,e=n.propHooks[b])
                                          2024-12-05 17:04:31 UTC8000INData Raw: 3d 69 5b 30 5d 26 26 69 2e 75 6e 73 68 69 66 74 28 66 29 2c 63 5b 66 5d 29 3a 76 6f 69 64 20 30 7d 66 75 6e 63 74 69 6f 6e 20 41 62 28 61 2c 62 2c 63 2c 64 29 7b 76 61 72 20 65 2c 66 2c 67 2c 68 2c 69 2c 6a 3d 7b 7d 2c 6b 3d 61 2e 64 61 74 61 54 79 70 65 73 2e 73 6c 69 63 65 28 29 3b 69 66 28 6b 5b 31 5d 29 66 6f 72 28 67 20 69 6e 20 61 2e 63 6f 6e 76 65 72 74 65 72 73 29 6a 5b 67 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 3d 61 2e 63 6f 6e 76 65 72 74 65 72 73 5b 67 5d 3b 66 3d 6b 2e 73 68 69 66 74 28 29 3b 77 68 69 6c 65 28 66 29 69 66 28 61 2e 72 65 73 70 6f 6e 73 65 46 69 65 6c 64 73 5b 66 5d 26 26 28 63 5b 61 2e 72 65 73 70 6f 6e 73 65 46 69 65 6c 64 73 5b 66 5d 5d 3d 62 29 2c 21 69 26 26 64 26 26 61 2e 64 61 74 61 46 69 6c 74 65 72 26 26 28 62 3d
                                          Data Ascii: =i[0]&&i.unshift(f),c[f]):void 0}function Ab(a,b,c,d){var e,f,g,h,i,j={},k=a.dataTypes.slice();if(k[1])for(g in a.converters)j[g.toLowerCase()]=a.converters[g];f=k.shift();while(f)if(a.responseFields[f]&&(c[a.responseFields[f]]=b),!i&&d&&a.dataFilter&&(b=


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          12192.168.2.64983791.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:30 UTC423OUTGET /user/classes/js/jqueryui.js?v=0d74b HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
                                          2024-12-05 17:04:31 UTC306INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:30 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:48:58 GMT
                                          ETag: "1900222-177be-619329759354d"
                                          Accept-Ranges: bytes
                                          Content-Length: 96190
                                          Connection: close
                                          Content-Type: application/javascript
                                          2024-12-05 17:04:31 UTC7886INData Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 55 49 20 2d 20 76 31 2e 39 2e 32 20 2d 20 32 30 31 32 2d 31 31 2d 32 33 0a 2a 20 68 74 74 70 3a 2f 2f 6a 71 75 65 72 79 75 69 2e 63 6f 6d 0a 2a 20 49 6e 63 6c 75 64 65 73 3a 20 6a 71 75 65 72 79 2e 75 69 2e 63 6f 72 65 2e 6a 73 0a 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 32 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 3b 20 4c 69 63 65 6e 73 65 64 20 4d 49 54 20 2a 2f 0a 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 75 6e 63 74 69 6f 6e 20 69 28 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 2c 75 3d 74 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 72 65 74 75 72 6e 22 61 72 65 61 22 3d 3d 3d 75 3f 28 72 3d 74 2e 70 61
                                          Data Ascii: /*! jQuery UI - v1.9.2 - 2012-11-23* http://jqueryui.com* Includes: jquery.ui.core.js* Copyright 2012 jQuery Foundation and other contributors; Licensed MIT */(function(e,t){function i(t,n){var r,i,o,u=t.nodeName.toLowerCase();return"area"===u?(r=t.pa
                                          2024-12-05 17:04:31 UTC8000INData Raw: 6e 6f 6f 70 2c 5f 67 65 74 43 72 65 61 74 65 45 76 65 6e 74 44 61 74 61 3a 65 2e 6e 6f 6f 70 2c 5f 63 72 65 61 74 65 3a 65 2e 6e 6f 6f 70 2c 5f 69 6e 69 74 3a 65 2e 6e 6f 6f 70 2c 64 65 73 74 72 6f 79 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 5f 64 65 73 74 72 6f 79 28 29 2c 74 68 69 73 2e 65 6c 65 6d 65 6e 74 2e 75 6e 62 69 6e 64 28 74 68 69 73 2e 65 76 65 6e 74 4e 61 6d 65 73 70 61 63 65 29 2e 72 65 6d 6f 76 65 44 61 74 61 28 74 68 69 73 2e 77 69 64 67 65 74 4e 61 6d 65 29 2e 72 65 6d 6f 76 65 44 61 74 61 28 74 68 69 73 2e 77 69 64 67 65 74 46 75 6c 6c 4e 61 6d 65 29 2e 72 65 6d 6f 76 65 44 61 74 61 28 65 2e 63 61 6d 65 6c 43 61 73 65 28 74 68 69 73 2e 77 69 64 67 65 74 46 75 6c 6c 4e 61 6d 65 29 29 2c 74 68 69 73 2e 77 69 64 67 65 74 28 29 2e
                                          Data Ascii: noop,_getCreateEventData:e.noop,_create:e.noop,_init:e.noop,destroy:function(){this._destroy(),this.element.unbind(this.eventNamespace).removeData(this.widgetName).removeData(this.widgetFullName).removeData(e.camelCase(this.widgetFullName)),this.widget().
                                          2024-12-05 17:04:31 UTC8000INData Raw: 28 29 2c 76 3d 7b 74 6f 70 3a 67 2e 73 63 72 6f 6c 6c 54 6f 70 28 29 2c 6c 65 66 74 3a 67 2e 73 63 72 6f 6c 6c 4c 65 66 74 28 29 7d 29 3a 77 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 3f 28 74 2e 61 74 3d 22 6c 65 66 74 20 74 6f 70 22 2c 6c 3d 64 3d 30 2c 76 3d 7b 74 6f 70 3a 77 2e 70 61 67 65 59 2c 6c 65 66 74 3a 77 2e 70 61 67 65 58 7d 29 3a 28 6c 3d 67 2e 6f 75 74 65 72 57 69 64 74 68 28 29 2c 64 3d 67 2e 6f 75 74 65 72 48 65 69 67 68 74 28 29 2c 76 3d 67 2e 6f 66 66 73 65 74 28 29 29 2c 6d 3d 65 2e 65 78 74 65 6e 64 28 7b 7d 2c 76 29 2c 65 2e 65 61 63 68 28 5b 22 6d 79 22 2c 22 61 74 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 28 74 5b 74 68 69 73 5d 7c 7c 22 22 29 2e 73 70 6c 69 74 28 22 20 22 29 2c 6e 2c 72 3b 65 2e 6c 65 6e 67 74
                                          Data Ascii: (),v={top:g.scrollTop(),left:g.scrollLeft()}):w.preventDefault?(t.at="left top",l=d=0,v={top:w.pageY,left:w.pageX}):(l=g.outerWidth(),d=g.outerHeight(),v=g.offset()),m=e.extend({},v),e.each(["my","at"],function(){var e=(t[this]||"").split(" "),n,r;e.lengt
                                          2024-12-05 17:04:31 UTC8000INData Raw: 61 76 69 6f 75 72 26 26 28 6e 3d 65 2e 75 69 2e 64 64 6d 61 6e 61 67 65 72 2e 64 72 6f 70 28 74 68 69 73 2c 74 29 29 2c 74 68 69 73 2e 64 72 6f 70 70 65 64 26 26 28 6e 3d 74 68 69 73 2e 64 72 6f 70 70 65 64 2c 74 68 69 73 2e 64 72 6f 70 70 65 64 3d 21 31 29 3b 76 61 72 20 72 3d 74 68 69 73 2e 65 6c 65 6d 65 6e 74 5b 30 5d 2c 69 3d 21 31 3b 77 68 69 6c 65 28 72 26 26 28 72 3d 72 2e 70 61 72 65 6e 74 4e 6f 64 65 29 29 72 3d 3d 64 6f 63 75 6d 65 6e 74 26 26 28 69 3d 21 30 29 3b 69 66 28 21 69 26 26 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 68 65 6c 70 65 72 3d 3d 3d 22 6f 72 69 67 69 6e 61 6c 22 29 72 65 74 75 72 6e 21 31 3b 69 66 28 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 72 65 76 65 72 74 3d 3d 22 69 6e 76 61 6c 69 64 22 26 26 21 6e 7c 7c 74 68 69 73 2e 6f 70
                                          Data Ascii: aviour&&(n=e.ui.ddmanager.drop(this,t)),this.dropped&&(n=this.dropped,this.dropped=!1);var r=this.element[0],i=!1;while(r&&(r=r.parentNode))r==document&&(i=!0);if(!i&&this.options.helper==="original")return!1;if(this.options.revert=="invalid"&&!n||this.op
                                          2024-12-05 17:04:31 UTC8000INData Raw: 74 61 6e 63 65 2e 69 73 4f 76 65 72 3f 28 74 68 69 73 2e 69 6e 73 74 61 6e 63 65 2e 69 73 4f 76 65 72 3d 30 2c 72 2e 63 61 6e 63 65 6c 48 65 6c 70 65 72 52 65 6d 6f 76 61 6c 3d 21 30 2c 74 68 69 73 2e 69 6e 73 74 61 6e 63 65 2e 63 61 6e 63 65 6c 48 65 6c 70 65 72 52 65 6d 6f 76 61 6c 3d 21 31 2c 74 68 69 73 2e 73 68 6f 75 6c 64 52 65 76 65 72 74 26 26 28 74 68 69 73 2e 69 6e 73 74 61 6e 63 65 2e 6f 70 74 69 6f 6e 73 2e 72 65 76 65 72 74 3d 21 30 29 2c 74 68 69 73 2e 69 6e 73 74 61 6e 63 65 2e 5f 6d 6f 75 73 65 53 74 6f 70 28 74 29 2c 74 68 69 73 2e 69 6e 73 74 61 6e 63 65 2e 6f 70 74 69 6f 6e 73 2e 68 65 6c 70 65 72 3d 74 68 69 73 2e 69 6e 73 74 61 6e 63 65 2e 6f 70 74 69 6f 6e 73 2e 5f 68 65 6c 70 65 72 2c 72 2e 6f 70 74 69 6f 6e 73 2e 68 65 6c 70 65 72
                                          Data Ascii: tance.isOver?(this.instance.isOver=0,r.cancelHelperRemoval=!0,this.instance.cancelHelperRemoval=!1,this.shouldRevert&&(this.instance.options.revert=!0),this.instance._mouseStop(t),this.instance.options.helper=this.instance.options._helper,r.options.helper
                                          2024-12-05 17:04:31 UTC8000INData Raw: 6e 22 29 3b 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 2e 62 75 74 74 6f 6e 28 22 72 65 66 72 65 73 68 22 29 7d 2c 31 29 7d 2c 6c 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 74 2e 6e 61 6d 65 2c 72 3d 74 2e 66 6f 72 6d 2c 69 3d 65 28 5b 5d 29 3b 72 65 74 75 72 6e 20 6e 26 26 28 72 3f 69 3d 65 28 72 29 2e 66 69 6e 64 28 22 5b 6e 61 6d 65 3d 27 22 2b 6e 2b 22 27 5d 22 29 3a 69 3d 65 28 22 5b 6e 61 6d 65 3d 27 22 2b 6e 2b 22 27 5d 22 2c 74 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 29 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 74 68 69 73 2e 66 6f 72 6d 7d 29 29 2c 69 7d 3b 65 2e 77 69 64 67 65 74 28 22 75 69 2e 62 75 74 74 6f 6e 22 2c 7b 76 65 72 73 69 6f 6e 3a 22 31 2e 39 2e 32 22 2c
                                          Data Ascii: n");setTimeout(function(){t.button("refresh")},1)},l=function(t){var n=t.name,r=t.form,i=e([]);return n&&(r?i=e(r).find("[name='"+n+"']"):i=e("[name='"+n+"']",t.ownerDocument).filter(function(){return!this.form})),i};e.widget("ui.button",{version:"1.9.2",
                                          2024-12-05 17:04:31 UTC8000INData Raw: 2e 7a 49 6e 64 65 78 7d 29 2e 61 74 74 72 28 22 74 61 62 49 6e 64 65 78 22 2c 2d 31 29 2e 6b 65 79 64 6f 77 6e 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 2e 63 6c 6f 73 65 4f 6e 45 73 63 61 70 65 26 26 21 6e 2e 69 73 44 65 66 61 75 6c 74 50 72 65 76 65 6e 74 65 64 28 29 26 26 6e 2e 6b 65 79 43 6f 64 65 26 26 6e 2e 6b 65 79 43 6f 64 65 3d 3d 3d 65 2e 75 69 2e 6b 65 79 43 6f 64 65 2e 45 53 43 41 50 45 26 26 28 74 2e 63 6c 6f 73 65 28 6e 29 2c 6e 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 29 7d 29 2e 6d 6f 75 73 65 64 6f 77 6e 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 2e 6d 6f 76 65 54 6f 54 6f 70 28 21 31 2c 65 29 7d 29 2e 61 70 70 65 6e 64 54 6f 28 22 62 6f 64 79 22 29 2c 74 68 69 73 2e 65 6c 65 6d 65 6e 74 2e 73 68 6f 77 28 29 2e 72 65 6d 6f 76 65
                                          Data Ascii: .zIndex}).attr("tabIndex",-1).keydown(function(n){r.closeOnEscape&&!n.isDefaultPrevented()&&n.keyCode&&n.keyCode===e.ui.keyCode.ESCAPE&&(t.close(n),n.preventDefault())}).mousedown(function(e){t.moveToTop(!1,e)}).appendTo("body"),this.element.show().remove
                                          2024-12-05 17:04:31 UTC8000INData Raw: 6e 63 65 73 3a 5b 5d 2c 6d 61 78 5a 3a 30 2c 65 76 65 6e 74 73 3a 65 2e 6d 61 70 28 22 66 6f 63 75 73 2c 6d 6f 75 73 65 64 6f 77 6e 2c 6d 6f 75 73 65 75 70 2c 6b 65 79 64 6f 77 6e 2c 6b 65 79 70 72 65 73 73 2c 63 6c 69 63 6b 22 2e 73 70 6c 69 74 28 22 2c 22 29 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2b 22 2e 64 69 61 6c 6f 67 2d 6f 76 65 72 6c 61 79 22 7d 29 2e 6a 6f 69 6e 28 22 20 22 29 2c 63 72 65 61 74 65 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 68 69 73 2e 69 6e 73 74 61 6e 63 65 73 2e 6c 65 6e 67 74 68 3d 3d 3d 30 26 26 28 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 65 2e 75 69 2e 64 69 61 6c 6f 67 2e 6f 76 65 72 6c 61 79 2e 69 6e 73 74 61 6e 63 65 73 2e 6c 65 6e 67 74 68 26 26 65 28 64 6f 63 75 6d 65 6e
                                          Data Ascii: nces:[],maxZ:0,events:e.map("focus,mousedown,mouseup,keydown,keypress,click".split(","),function(e){return e+".dialog-overlay"}).join(" "),create:function(t){this.instances.length===0&&(setTimeout(function(){e.ui.dialog.overlay.instances.length&&e(documen
                                          2024-12-05 17:04:31 UTC8000INData Raw: 70 61 72 65 6e 74 22 3a 74 68 69 73 2e 74 6f 52 67 62 61 53 74 72 69 6e 67 28 29 7d 7d 29 2c 6f 2e 66 6e 2e 70 61 72 73 65 2e 70 72 6f 74 6f 74 79 70 65 3d 6f 2e 66 6e 2c 75 2e 68 73 6c 61 2e 74 6f 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 65 5b 30 5d 3d 3d 6e 75 6c 6c 7c 7c 65 5b 31 5d 3d 3d 6e 75 6c 6c 7c 7c 65 5b 32 5d 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 65 5b 33 5d 5d 3b 76 61 72 20 74 3d 65 5b 30 5d 2f 32 35 35 2c 6e 3d 65 5b 31 5d 2f 32 35 35 2c 72 3d 65 5b 32 5d 2f 32 35 35 2c 69 3d 65 5b 33 5d 2c 73 3d 4d 61 74 68 2e 6d 61 78 28 74 2c 6e 2c 72 29 2c 6f 3d 4d 61 74 68 2e 6d 69 6e 28 74 2c 6e 2c 72 29 2c 75 3d 73 2d 6f 2c 61 3d 73 2b 6f 2c 66 3d 61 2a 2e 35 2c 6c 2c 63 3b 72 65 74 75 72 6e 20
                                          Data Ascii: parent":this.toRgbaString()}}),o.fn.parse.prototype=o.fn,u.hsla.to=function(e){if(e[0]==null||e[1]==null||e[2]==null)return[null,null,null,e[3]];var t=e[0]/255,n=e[1]/255,r=e[2]/255,i=e[3],s=Math.max(t,n,r),o=Math.min(t,n,r),u=s-o,a=s+o,f=a*.5,l,c;return
                                          2024-12-05 17:04:31 UTC8000INData Raw: 74 29 7b 72 65 74 75 72 6e 20 4d 61 74 68 2e 70 6f 77 28 74 2c 65 2b 32 29 7d 7d 29 2c 65 2e 65 78 74 65 6e 64 28 74 2c 7b 53 69 6e 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 2d 4d 61 74 68 2e 63 6f 73 28 65 2a 4d 61 74 68 2e 50 49 2f 32 29 7d 2c 43 69 72 63 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 2d 4d 61 74 68 2e 73 71 72 74 28 31 2d 65 2a 65 29 7d 2c 45 6c 61 73 74 69 63 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 3d 3d 3d 30 7c 7c 65 3d 3d 3d 31 3f 65 3a 2d 4d 61 74 68 2e 70 6f 77 28 32 2c 38 2a 28 65 2d 31 29 29 2a 4d 61 74 68 2e 73 69 6e 28 28 28 65 2d 31 29 2a 38 30 2d 37 2e 35 29 2a 4d 61 74 68 2e 50 49 2f 31 35 29 7d 2c 42 61 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75
                                          Data Ascii: t){return Math.pow(t,e+2)}}),e.extend(t,{Sine:function(e){return 1-Math.cos(e*Math.PI/2)},Circ:function(e){return 1-Math.sqrt(1-e*e)},Elastic:function(e){return e===0||e===1?e:-Math.pow(2,8*(e-1))*Math.sin(((e-1)*80-7.5)*Math.PI/15)},Back:function(e){retu


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          13192.168.2.64983962.149.0.2494431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:31 UTC523OUTGET /counter2.0.js HTTP/1.1
                                          Host: get.mycounter.ua
                                          Connection: keep-alive
                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: */*
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: script
                                          Referer: https://ukrnic.com/
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          2024-12-05 17:04:31 UTC316INHTTP/1.1 200 OK
                                          Server: nginx/1.14.2
                                          Date: Thu, 05 Dec 2024 17:04:31 GMT
                                          Content-Type: application/javascript
                                          Content-Length: 3653
                                          Last-Modified: Mon, 11 Jan 2021 22:30:07 GMT
                                          Connection: close
                                          ETag: "5ffcd16f-e45"
                                          Expires: Thu, 05 Dec 2024 18:04:31 GMT
                                          Cache-Control: max-age=3600
                                          Accept-Ranges: bytes
                                          2024-12-05 17:04:31 UTC3653INData Raw: 76 61 72 20 6d 79 5f 66 6c 61 73 68 2c 6d 79 5f 6d 2c 75 6e 64 65 66 2c 6d 79 5f 69 64 2c 6d 79 5f 77 69 64 74 68 2c 6d 79 5f 68 65 69 67 68 74 2c 6d 79 5f 61 6c 74 2c 6d 79 5f 69 6d 67 3b 0a 76 61 72 20 6d 79 5f 6a 3d 30 2c 6d 79 5f 73 2c 6d 79 5f 72 72 2c 6d 79 5f 74 66 2c 6d 79 5f 66 73 2c 6d 79 5f 62 6c 6f 63 6b 65 64 3d 27 2a 27 2c 6d 79 5f 64 73 74 3b 0a 76 61 72 20 6d 79 5f 68 3d 27 6d 79 63 6f 75 6e 74 65 72 2e 75 61 2f 27 3b 0a 0a 69 66 20 28 6d 79 5f 61 6c 74 20 3d 3d 20 75 6e 64 65 66 29 20 6d 79 5f 61 6c 74 20 3d 20 27 4d 79 43 6f 75 6e 74 65 72 27 3b 0a 69 66 20 28 6d 79 5f 77 69 64 74 68 20 3d 3d 20 75 6e 64 65 66 20 7c 7c 20 6d 79 5f 68 65 69 67 68 74 20 3d 3d 20 75 6e 64 65 66 20 7c 7c 20 6d 79 5f 77 69 64 74 68 20 3d 3d 20 30 20 7c 7c 20
                                          Data Ascii: var my_flash,my_m,undef,my_id,my_width,my_height,my_alt,my_img;var my_j=0,my_s,my_rr,my_tf,my_fs,my_blocked='*',my_dst;var my_h='mycounter.ua/';if (my_alt == undef) my_alt = 'MyCounter';if (my_width == undef || my_height == undef || my_width == 0 ||


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          14192.168.2.64984691.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:32 UTC421OUTGET /templates/ukrnic/images/head_bg.jpg HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
                                          2024-12-05 17:04:32 UTC291INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:32 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:42:28 GMT
                                          ETag: "1d8114e-4ca-61932801d541a"
                                          Accept-Ranges: bytes
                                          Content-Length: 1226
                                          Connection: close
                                          Content-Type: image/jpeg
                                          2024-12-05 17:04:32 UTC1226INData Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 3c 00 00 ff e1 03 29 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d
                                          Data Ascii: ExifII*Ducky<)http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xm


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          15192.168.2.64984591.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:32 UTC418OUTGET /templates/ukrnic/images/logo.png HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
                                          2024-12-05 17:04:32 UTC292INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:32 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:42:28 GMT
                                          ETag: "1d8115a-2992-61932801f6f2a"
                                          Accept-Ranges: bytes
                                          Content-Length: 10642
                                          Connection: close
                                          Content-Type: image/png
                                          2024-12-05 17:04:32 UTC7900INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 21 00 00 00 42 08 06 00 00 00 18 0a 60 5b 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 20 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20
                                          Data Ascii: PNGIHDR!B`[tEXtSoftwareAdobe ImageReadyqe< iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00
                                          2024-12-05 17:04:32 UTC2742INData Raw: c1 c5 75 5f b4 6e 02 77 2f 0c 4c bc 1d 62 63 63 dd 0b 38 31 4e a5 b0 7a 75 40 7e 08 95 4d c8 17 39 9c 8d f0 5d 61 2e 94 d7 7f 0f 63 33 17 89 c6 5a dc 1e 39 3e 9e fe ea 74 0f c1 c9 ca a1 50 ee 58 01 ce 20 8d d6 e1 9c e7 a9 27 e5 a0 6a 17 10 b5 e6 21 3a 27 fd 07 a5 b8 be 7f 84 51 d3 f5 5d 65 ff 67 c0 d8 04 fb fe b5 18 46 de b1 54 ae ab 1d 6b d6 8f 4d cf 9c 52 30 76 f5 d9 1d f1 bc e5 ff 62 74 50 b3 e2 d6 fe ef 12 a0 70 41 68 f2 50 53 41 66 c6 a7 a7 1f ab 6a b2 aa aa f9 5e bf 2f 6c 56 a5 9f ae f3 7a 1d 02 e6 a6 25 ab a1 75 b7 0d cf cd 0f 03 0d 94 82 92 67 61 52 f4 0a 77 0e 19 dc e2 46 a5 ba 13 6a 6b 27 91 d9 7e 1b 34 bb 8a 69 2c 48 0b bf 27 a4 3d af 12 e2 c0 28 64 83 96 ef 4d f4 d1 49 74 c9 04 16 5c c7 85 b6 17 54 1b 0f 9f 5e 03 56 47 79 d8 80 90 7b 86 aa fa
                                          Data Ascii: u_nw/Lbcc81Nzu@~M9]a.c3Z9>tPX 'j!:'Q]egFTkMR0vbtPpAhPSAfj^/lVz%ugaRwFjk'~4i,H'=(dMIt\T^VGy{


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          16192.168.2.64984891.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:32 UTC420OUTGET /templates/ukrnic/images/head_l.jpg HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
                                          2024-12-05 17:04:33 UTC291INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:32 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:42:28 GMT
                                          ETag: "1d8114f-53b-61932801da622"
                                          Accept-Ranges: bytes
                                          Content-Length: 1339
                                          Connection: close
                                          Content-Type: image/jpeg
                                          2024-12-05 17:04:33 UTC1339INData Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 3c 00 00 ff e1 03 29 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d
                                          Data Ascii: ExifII*Ducky<)http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xm


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          17192.168.2.64984991.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:32 UTC668OUTGET /templates/ukrnic/images/foot_r.jpg HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: same-origin
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Referer: https://ukrnic.com/~freexp/index.php
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
                                          2024-12-05 17:04:33 UTC291INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:32 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:42:28 GMT
                                          ETag: "1d81149-5a2-61932801c5631"
                                          Accept-Ranges: bytes
                                          Content-Length: 1442
                                          Connection: close
                                          Content-Type: image/jpeg
                                          2024-12-05 17:04:33 UTC1442INData Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 3c 00 00 ff e1 03 29 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d
                                          Data Ascii: ExifII*Ducky<)http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xm


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          18192.168.2.64985091.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:32 UTC420OUTGET /templates/ukrnic/images/head_r.jpg HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
                                          2024-12-05 17:04:33 UTC291INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:32 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:42:28 GMT
                                          ETag: "1d81150-97f-61932801dadf2"
                                          Accept-Ranges: bytes
                                          Content-Length: 2431
                                          Connection: close
                                          Content-Type: image/jpeg
                                          2024-12-05 17:04:33 UTC2431INData Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 3c 00 00 ff e1 03 29 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d
                                          Data Ascii: ExifII*Ducky<)http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xm


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          19192.168.2.64985191.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:33 UTC421OUTGET /templates/ukrnic/images/liqpay6.png HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
                                          2024-12-05 17:04:33 UTC291INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:33 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:42:28 GMT
                                          ETag: "1d81158-201e-61932801efde2"
                                          Accept-Ranges: bytes
                                          Content-Length: 8222
                                          Connection: close
                                          Content-Type: image/png
                                          2024-12-05 17:04:33 UTC7901INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 c8 00 00 00 1b 08 06 00 00 00 39 f2 c0 1f 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 1f b3 49 44 41 54 78 5e ed 5c 77 60 15 c5 fa 3d e9 95 f4 9e 90 40 42 42 20 40 90 1e 42 95 22 1d 69 4a 11 11 44 b1 2b a2 4f 8a 02 0a 88 a2 80 0f 2c 20 0a 22 1d 94 5e 04 21 94 50 12 7a 09 69 a4 91 de 7b af bf f3 ed bd d7 14 8a c0 e3 f7 9e 7f 70 60 d8 dd 99 d9 99 dd 99 af 9c 6f 66 2f 5a 35 04 9e e0 09 fe cb a8 2e 2f 47 59 42 02 f2 4e 9e 44 5e 60 20 f2 7f f9 05 d5 cc d7 52 15 2b d0 71 74 84 f5 ab af c2 ac 63 47 98 75 ef 0e 5d 33 33 75 c9 5d 50 94 02 a4 5d 06 22 0e 02 29 db 81 92 4c 75 81 1a 86 bc d7 66 08 d0
                                          Data Ascii: PNGIHDR9sRGBgAMAapHYs+IDATx^\w`=@BB @B"iJD+O, "^!Pzi{p`of/Z5./GYBND^` R+qtcGu]33u]P]")Luf
                                          2024-12-05 17:04:33 UTC321INData Raw: 36 e3 a1 73 aa 55 2d 51 7e d9 e7 95 57 68 28 d5 9a 3c 8d b7 13 e5 70 6c 03 74 9b 0f d4 f9 51 5c 43 fc cf 15 44 83 2a 5a 28 1d 1d b1 62 4f f0 50 08 65 1c 18 b5 89 5e 82 de c2 94 6e c2 82 93 6e 4d 3a 6c e5 4b a1 61 d0 69 d6 9c 12 48 e9 79 dc 8b 04 22 36 12 08 94 52 51 64 03 56 56 2d ad 7c f8 0c 2e ea 0a f7 86 fc 4e 3d 7b d7 2e 64 fc f0 03 8a c2 c2 14 99 15 21 14 d9 96 24 10 65 d0 a8 ab ec eb 58 8d 1d 0b 9b 97 5f 86 79 97 ce d0 31 aa f3 2e f2 a3 b7 d8 83 aa ff 17 2b f5 74 ed aa 94 86 36 0a c4 7b 8a 03 94 7c b9 d5 96 d4 d8 87 54 d0 63 08 9f f7 fe cb fa ff 18 05 79 82 87 40 7e 24 10 b2 00 48 da 03 b8 4c a1 59 ed 08 c8 4f a5 8d 28 9c 12 43 69 7e 38 f2 0f 47 75 69 29 4a a2 a3 51 42 25 29 bc 7a 15 e5 49 49 28 09 8f 84 96 a9 31 8c bd bc 60 e0 d2 18 e6 bd 7a c2 d0
                                          Data Ascii: 6sU-Q~Wh(<pltQ\CD*Z(bOPe^nnM:lKaiHy"6RQdVV-|.N={.d!$eX_y1.+t6{|Tcy@~$HLYO(Ci~8Gui)JQB%)zII(1`z


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          20192.168.2.64985291.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:33 UTC421OUTGET /user/classes/js/dle_js.js?v=0d74b HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353
                                          2024-12-05 17:04:33 UTC305INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:33 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:48:58 GMT
                                          ETag: "190021f-9857-619329758db75"
                                          Accept-Ranges: bytes
                                          Content-Length: 38999
                                          Connection: close
                                          Content-Type: application/javascript
                                          2024-12-05 17:04:33 UTC7887INData Raw: 76 61 72 20 63 5f 63 61 63 68 65 3d 5b 5d 2c 64 6c 65 5f 70 6f 6c 6c 5f 76 6f 74 65 64 3d 5b 5d 3b 66 75 6e 63 74 69 6f 6e 20 72 65 6c 6f 61 64 28 29 7b 76 61 72 20 65 3d 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 3b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 64 6c 65 2d 63 61 70 74 63 68 61 22 29 2e 69 6e 6e 65 72 48 54 4d 4c 3d 27 3c 69 6d 67 20 73 72 63 3d 22 27 2b 64 6c 65 5f 72 6f 6f 74 2b 22 65 6e 67 69 6e 65 2f 6d 6f 64 75 6c 65 73 2f 61 6e 74 69 62 6f 74 2f 61 6e 74 69 62 6f 74 2e 70 68 70 3f 72 6e 64 76 61 6c 3d 22 2b 65 2b 27 22 20 77 69 64 74 68 3d 22 31 36 30 22 20 68 65 69 67 68 74 3d 22 38 30 22 20 61 6c 74 3d 22 22 20 2f 3e 27 7d 66 75 6e 63 74 69 6f 6e 20 64 6c 65 5f 63 68 61 6e 67 65 5f 73
                                          Data Ascii: var c_cache=[],dle_poll_voted=[];function reload(){var e=(new Date).getTime();document.getElementById("dle-captcha").innerHTML='<img src="'+dle_root+"user/modules/antibot/antibot.php?rndval="+e+'" width="160" height="80" alt="" />'}function dle_change_s
                                          2024-12-05 17:04:33 UTC8000INData Raw: 74 29 29 3a 22 32 22 3d 3d 64 6c 65 5f 63 61 70 74 63 68 61 5f 74 79 70 65 26 26 28 6c 3d 24 28 22 23 70 6d 2d 72 65 63 61 70 74 63 68 61 2d 72 65 73 70 6f 6e 73 65 22 29 2e 76 61 6c 28 29 29 2c 64 3d 64 7c 7c 30 2c 6e 3d 6e 7c 7c 22 22 2c 69 3d 69 7c 7c 22 22 2c 53 68 6f 77 4c 6f 61 64 69 6e 67 28 22 22 29 2c 24 2e 70 6f 73 74 28 64 6c 65 5f 72 6f 6f 74 2b 22 65 6e 67 69 6e 65 2f 61 6a 61 78 2f 63 6f 6e 74 72 6f 6c 6c 65 72 2e 70 68 70 3f 6d 6f 64 3d 70 6d 22 2c 7b 61 63 74 69 6f 6e 3a 22 73 65 6e 64 5f 70 6d 22 2c 73 75 62 6a 3a 65 2c 63 6f 6d 6d 65 6e 74 73 3a 6f 2c 6e 61 6d 65 3a 74 2c 73 6b 69 6e 3a 64 6c 65 5f 73 6b 69 6e 2c 73 65 63 5f 63 6f 64 65 3a 6e 2c 71 75 65 73 74 69 6f 6e 5f 61 6e 73 77 65 72 3a 69 2c 67 5f 72 65 63 61 70 74 63 68 61 5f 72
                                          Data Ascii: t)):"2"==dle_captcha_type&&(l=$("#pm-recaptcha-response").val()),d=d||0,n=n||"",i=i||"",ShowLoading(""),$.post(dle_root+"user/ajax/controller.php?mod=pm",{action:"send_pm",subj:e,comments:o,name:t,skin:dle_skin,sec_code:n,question_answer:i,g_recaptcha_r
                                          2024-12-05 17:04:34 UTC8000INData Raw: 72 74 3a 6f 2c 6e 65 77 73 5f 69 64 3a 74 2c 73 6b 69 6e 3a 64 6c 65 5f 73 6b 69 6e 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 48 69 64 65 4c 6f 61 64 69 6e 67 28 22 22 29 2c 69 73 4e 61 4e 28 6f 29 7c 7c 69 73 4e 61 4e 28 74 29 7c 7c 28 24 28 22 23 64 6c 65 2d 63 6f 6d 6d 2d 6c 69 6e 6b 22 29 2e 6f 66 66 28 22 63 6c 69 63 6b 22 29 2c 24 28 22 23 64 6c 65 2d 63 6f 6d 6d 2d 6c 69 6e 6b 22 29 2e 6f 6e 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 43 6f 6d 6d 65 6e 74 73 50 61 67 65 28 6f 2c 74 29 2c 21 31 7d 29 29 2c 73 63 72 6f 6c 6c 28 30 2c 24 28 22 23 64 6c 65 2d 63 6f 6d 6d 65 6e 74 73 2d 6c 69 73 74 22 29 2e 6f 66 66 73 65 74 28 29 2e 74 6f 70 2d 31 30 30 29 2c 24 28 22 23 64 6c 65 2d 63 6f 6d 6d 65 6e 74 73 2d 6c 69
                                          Data Ascii: rt:o,news_id:t,skin:dle_skin},function(e){HideLoading(""),isNaN(o)||isNaN(t)||($("#dle-comm-link").off("click"),$("#dle-comm-link").on("click",function(){return CommentsPage(o,t),!1})),scroll(0,$("#dle-comments-list").offset().top-100),$("#dle-comments-li
                                          2024-12-05 17:04:34 UTC8000INData Raw: 3e 3c 74 65 78 74 61 72 65 61 20 6e 61 6d 65 3d 27 64 6c 65 2d 70 72 6f 6d 74 2d 74 65 78 74 27 20 69 64 3d 27 64 6c 65 2d 70 72 6f 6d 74 2d 74 65 78 74 27 20 63 6c 61 73 73 3d 27 75 69 2d 77 69 64 67 65 74 2d 63 6f 6e 74 65 6e 74 20 75 69 2d 63 6f 72 6e 65 72 2d 61 6c 6c 27 20 73 74 79 6c 65 3d 27 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 34 30 70 78 3b 27 3e 3c 2f 74 65 78 74 61 72 65 61 3e 22 2b 6f 2b 22 3c 2f 64 69 76 3e 22 29 2c 24 28 22 23 64 6c 65 63 6f 6d 70 6c 61 69 6e 74 22 29 2e 64 69 61 6c 6f 67 28 7b 61 75 74 6f 4f 70 65 6e 3a 21 30 2c 77 69 64 74 68 3a 36 30 30 2c 72 65 73 69 7a 61 62 6c 65 3a 21 31 2c 64 69 61 6c 6f 67 43 6c 61 73 73 3a 22 6d 6f 64 61 6c 66 69 78 65 64 20 64 6c 65 2d 70 6f 70 75 70 2d 63 6f 6d 70 6c 61 69 6e
                                          Data Ascii: ><textarea name='dle-promt-text' id='dle-promt-text' class='ui-widget-content ui-corner-all' style='width:100%;height:140px;'></textarea>"+o+"</div>"),$("#dlecomplaint").dialog({autoOpen:!0,width:600,resizable:!1,dialogClass:"modalfixed dle-popup-complain
                                          2024-12-05 17:04:34 UTC7112INData Raw: 75 74 28 35 30 30 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 24 28 74 68 69 73 29 2e 68 74 6d 6c 28 65 29 2c 24 28 74 68 69 73 29 2e 66 61 64 65 49 6e 28 35 30 30 29 7d 29 7d 29 29 2c 21 31 7d 66 75 6e 63 74 69 6f 6e 20 41 64 64 49 67 6e 6f 72 65 50 4d 28 65 2c 6f 29 7b 44 4c 45 63 6f 6e 66 69 72 6d 28 6f 2c 64 6c 65 5f 63 6f 6e 66 69 72 6d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 53 68 6f 77 4c 6f 61 64 69 6e 67 28 22 22 29 2c 24 2e 67 65 74 28 64 6c 65 5f 72 6f 6f 74 2b 22 65 6e 67 69 6e 65 2f 61 6a 61 78 2f 63 6f 6e 74 72 6f 6c 6c 65 72 2e 70 68 70 3f 6d 6f 64 3d 70 6d 22 2c 7b 69 64 3a 65 2c 61 63 74 69 6f 6e 3a 22 61 64 64 5f 69 67 6e 6f 72 65 22 2c 73 6b 69 6e 3a 64 6c 65 5f 73 6b 69 6e 2c 75 73 65 72 5f 68 61 73 68 3a 64 6c 65 5f 6c 6f 67 69 6e 5f 68 61 73 68
                                          Data Ascii: ut(500,function(){$(this).html(e),$(this).fadeIn(500)})})),!1}function AddIgnorePM(e,o){DLEconfirm(o,dle_confirm,function(){ShowLoading(""),$.get(dle_root+"user/ajax/controller.php?mod=pm",{id:e,action:"add_ignore",skin:dle_skin,user_hash:dle_login_hash


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          21192.168.2.64985562.149.0.2494431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:33 UTC670OUTGET /counter.php?id=122274&w=https%3A//ukrnic.com/%7Efreexp/index.php&s=1280x1024x24&c=1&j=5&gmt=-5&dst=1 HTTP/1.1
                                          Host: get.mycounter.ua
                                          Connection: keep-alive
                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Referer: https://ukrnic.com/
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          2024-12-05 17:04:34 UTC218INHTTP/1.1 200 OK
                                          Content-Type: image/png
                                          Content-Length: 834
                                          Connection: close
                                          Date: Thu, 05 Dec 2024 19:04:33 GMT
                                          Server: MyCounter TCP Server v.2.0.0
                                          Accept-Ranges: bytes
                                          Expires: 0
                                          Cache-control: no-cache
                                          2024-12-05 17:04:34 UTC834INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 33 08 03 00 00 00 24 78 3f 9f 00 00 00 5a 50 4c 54 45 00 00 00 29 52 9c 52 84 e7 5a 8c de 63 8c d6 63 94 ce 6b 9c c6 73 9c b5 7b a5 ad 84 ad a5 8c ad 9c 94 b5 94 9c b5 84 a5 bd 7b a5 bd e7 ad c6 73 b5 c6 6b b5 ce 63 bd ce ad bd d6 52 c6 d6 4a ce de 42 d6 e7 39 de e7 31 e7 ef 21 ef f7 18 ff ff 00 ff ff ff bf bf bf ff 00 00 c9 1e 4b 36 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 02 8e 49 44 41 54 58 47 ed 96 6d 77 a2 30 10 85 c7 34 50 58 5d 10 91 08 13 fc ff 7f 73 27 ef 21 e6 9c d4 22 df f6 d6 46 4c e0 e1 72 33 53 0b 70 98 d8 3e 55 63 9f 9b de 0f 46 2c 81 2f e2 3e 8a a9 9d 44 cf 46 31 d0 c7 d1 2e b4 33 e2 a3 66 7c 44 9c 5b 56 0b 51 0f b4 3e 88 eb 8c 77 36 d0 e4 c0
                                          Data Ascii: PNGIHDRX3$x?ZPLTE)RRZccks{{skcRJB91!K6pHYs+IDATXGmw04PX]s'!"FLr3Sp>UcF,/>DF1.3f|D[VQ>w6


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          22192.168.2.64986062.149.0.2494431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:33 UTC353OUTGET /counter2.0.js HTTP/1.1
                                          Host: get.mycounter.ua
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          2024-12-05 17:04:34 UTC316INHTTP/1.1 200 OK
                                          Server: nginx/1.14.2
                                          Date: Thu, 05 Dec 2024 17:04:34 GMT
                                          Content-Type: application/javascript
                                          Content-Length: 3653
                                          Last-Modified: Mon, 11 Jan 2021 22:30:07 GMT
                                          Connection: close
                                          ETag: "5ffcd16f-e45"
                                          Expires: Thu, 05 Dec 2024 18:04:34 GMT
                                          Cache-Control: max-age=3600
                                          Accept-Ranges: bytes
                                          2024-12-05 17:04:34 UTC3653INData Raw: 76 61 72 20 6d 79 5f 66 6c 61 73 68 2c 6d 79 5f 6d 2c 75 6e 64 65 66 2c 6d 79 5f 69 64 2c 6d 79 5f 77 69 64 74 68 2c 6d 79 5f 68 65 69 67 68 74 2c 6d 79 5f 61 6c 74 2c 6d 79 5f 69 6d 67 3b 0a 76 61 72 20 6d 79 5f 6a 3d 30 2c 6d 79 5f 73 2c 6d 79 5f 72 72 2c 6d 79 5f 74 66 2c 6d 79 5f 66 73 2c 6d 79 5f 62 6c 6f 63 6b 65 64 3d 27 2a 27 2c 6d 79 5f 64 73 74 3b 0a 76 61 72 20 6d 79 5f 68 3d 27 6d 79 63 6f 75 6e 74 65 72 2e 75 61 2f 27 3b 0a 0a 69 66 20 28 6d 79 5f 61 6c 74 20 3d 3d 20 75 6e 64 65 66 29 20 6d 79 5f 61 6c 74 20 3d 20 27 4d 79 43 6f 75 6e 74 65 72 27 3b 0a 69 66 20 28 6d 79 5f 77 69 64 74 68 20 3d 3d 20 75 6e 64 65 66 20 7c 7c 20 6d 79 5f 68 65 69 67 68 74 20 3d 3d 20 75 6e 64 65 66 20 7c 7c 20 6d 79 5f 77 69 64 74 68 20 3d 3d 20 30 20 7c 7c 20
                                          Data Ascii: var my_flash,my_m,undef,my_id,my_width,my_height,my_alt,my_img;var my_j=0,my_s,my_rr,my_tf,my_fs,my_blocked='*',my_dst;var my_h='mycounter.ua/';if (my_alt == undef) my_alt = 'MyCounter';if (my_width == undef || my_height == undef || my_width == 0 ||


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          23192.168.2.64986591.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:34 UTC425OUTGET /templates/ukrnic/images/foot_r.jpg HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353; s=1
                                          2024-12-05 17:04:35 UTC291INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:35 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:42:28 GMT
                                          ETag: "1d81149-5a2-61932801c5631"
                                          Accept-Ranges: bytes
                                          Content-Length: 1442
                                          Connection: close
                                          Content-Type: image/jpeg
                                          2024-12-05 17:04:35 UTC1442INData Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 3c 00 00 ff e1 03 29 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d
                                          Data Ascii: ExifII*Ducky<)http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xm


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          24192.168.2.64986691.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:35 UTC650OUTGET /favicon.ico HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: same-origin
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Referer: https://ukrnic.com/~freexp/index.php
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353; s=1
                                          2024-12-05 17:04:36 UTC292INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:35 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:40:26 GMT
                                          ETag: "1623e39-37e-6193278d20b23"
                                          Accept-Ranges: bytes
                                          Content-Length: 894
                                          Connection: close
                                          Content-Type: image/x-icon
                                          2024-12-05 17:04:36 UTC894INData Raw: 00 00 01 00 01 00 10 10 00 00 01 00 18 00 68 03 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 91 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 91 00 00 00 00 f0 91 00 00 00 00 00 00 00 f0 91 00 f0 91 00 f0 91 00 f0 91 00 00 00 00 f0 91 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 91 00 f0 91 00 00 00 00 f0 91 00 00 00 00 f0 91 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 91 00 f0 91 00 00 00 00 00 00 00 00 00 00 f0 91 00 00 00 00 f0 91 00 00 00 00 f0 91 00 00 00 00 f0 91 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 91 00 00 00 00 00 00 00 f0 91 00 00 00 00 00 00 00 f0 91 00 00 00 00 f0 91 00 00 00 00 f0 91 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0
                                          Data Ascii: h(


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          25192.168.2.64986862.149.0.2494431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:35 UTC440OUTGET /counter.php?id=122274&w=https%3A//ukrnic.com/%7Efreexp/index.php&s=1280x1024x24&c=1&j=5&gmt=-5&dst=1 HTTP/1.1
                                          Host: get.mycounter.ua
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          2024-12-05 17:04:36 UTC218INHTTP/1.1 200 OK
                                          Content-Type: image/png
                                          Content-Length: 834
                                          Connection: close
                                          Date: Thu, 05 Dec 2024 19:04:36 GMT
                                          Server: MyCounter TCP Server v.2.0.0
                                          Accept-Ranges: bytes
                                          Expires: 0
                                          Cache-control: no-cache
                                          2024-12-05 17:04:36 UTC834INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 33 08 03 00 00 00 24 78 3f 9f 00 00 00 5a 50 4c 54 45 00 00 00 29 52 9c 52 84 e7 5a 8c de 63 8c d6 63 94 ce 6b 9c c6 73 9c b5 7b a5 ad 84 ad a5 8c ad 9c 94 b5 94 9c b5 84 a5 bd 7b a5 bd e7 ad c6 73 b5 c6 6b b5 ce 63 bd ce ad bd d6 52 c6 d6 4a ce de 42 d6 e7 39 de e7 31 e7 ef 21 ef f7 18 ff ff 00 ff ff ff bf bf bf ff 00 00 c9 1e 4b 36 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 02 8e 49 44 41 54 58 47 ed 96 6d 77 a2 30 10 85 c7 34 50 58 5d 10 91 08 13 fc ff 7f 73 27 ef 21 e6 9c d4 22 df f6 d6 46 4c e0 e1 72 33 53 0b 70 98 d8 3e 55 63 9f 9b de 0f 46 2c 81 2f e2 3e 8a a9 9d 44 cf 46 31 d0 c7 d1 2e b4 33 e2 a3 66 7c 44 9c 5b 56 0b 51 0f b4 3e 88 eb 8c 77 36 d0 e4 c0
                                          Data Ascii: PNGIHDRX3$x?ZPLTE)RRZccks{{skcRJB91!K6pHYs+IDATXGmw04PX]s'!"FLr3Sp>UcF,/>DF1.3f|D[VQ>w6


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          26192.168.2.64987391.197.17.84431616C:\Program Files\Google\Chrome\Application\chrome.exe
                                          TimestampBytes transferredDirectionData
                                          2024-12-05 17:04:37 UTC402OUTGET /favicon.ico HTTP/1.1
                                          Host: ukrnic.com
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: PHPSESSID=95b8db4bbcb2ff56924f5587b30c6353; s=1
                                          2024-12-05 17:04:38 UTC292INHTTP/1.1 200 OK
                                          Date: Thu, 05 Dec 2024 17:04:38 GMT
                                          Server: Apache/2.4.62 (cPanel) OpenSSL/1.1.1w mod_bwlimited/1.4
                                          Last-Modified: Fri, 24 May 2024 12:40:26 GMT
                                          ETag: "1623e39-37e-6193278d20b23"
                                          Accept-Ranges: bytes
                                          Content-Length: 894
                                          Connection: close
                                          Content-Type: image/x-icon
                                          2024-12-05 17:04:38 UTC894INData Raw: 00 00 01 00 01 00 10 10 00 00 01 00 18 00 68 03 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 91 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 91 00 00 00 00 f0 91 00 00 00 00 00 00 00 f0 91 00 f0 91 00 f0 91 00 f0 91 00 00 00 00 f0 91 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 91 00 f0 91 00 00 00 00 f0 91 00 00 00 00 f0 91 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 91 00 f0 91 00 00 00 00 00 00 00 00 00 00 f0 91 00 00 00 00 f0 91 00 00 00 00 f0 91 00 00 00 00 f0 91 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 91 00 00 00 00 00 00 00 f0 91 00 00 00 00 00 00 00 f0 91 00 00 00 00 f0 91 00 00 00 00 f0 91 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0
                                          Data Ascii: h(


                                          Statistics

                                          CPU Usage

                                          Click to jump to process

                                          Memory Usage

                                          Click to jump to process

                                          High Level Behavior Distribution

                                          Click to dive into process behavior distribution

                                          Behavior

                                          Click to jump to process

                                          System Behavior

                                          General

                                          Target ID:0
                                          Start time:12:03:40
                                          Start date:05/12/2024
                                          Path:C:\Users\user\Desktop\izCOFC8OWh.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\izCOFC8OWh.exe"
                                          Imagebase:0x400000
                                          File size:88'557 bytes
                                          MD5 hash:D7326ECB2BDA34BA1DC81C821E6F32AF
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:Borland Delphi
                                          Reputation:low
                                          Has exited:true

                                          General

                                          Target ID:1
                                          Start time:12:03:40
                                          Start date:05/12/2024
                                          Path:C:\Users\user\AppData\Roaming\webcam_plugin.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Users\user\AppData\Roaming\webcam_plugin.exe
                                          Imagebase:0x400000
                                          File size:88'836 bytes
                                          MD5 hash:3DF8C3A266B8A05D3165884FEDA0972A
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:Borland Delphi
                                          Antivirus matches:
                                          • Detection: 100%, Avira
                                          • Detection: 100%, Joe Sandbox ML
                                          Reputation:low
                                          Has exited:true

                                          General

                                          Target ID:2
                                          Start time:12:03:40
                                          Start date:05/12/2024
                                          Path:C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe
                                          Imagebase:0x400000
                                          File size:88'836 bytes
                                          MD5 hash:3DF8C3A266B8A05D3165884FEDA0972A
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:Borland Delphi
                                          Antivirus matches:
                                          • Detection: 100%, Avira
                                          • Detection: 100%, Joe Sandbox ML
                                          Reputation:low
                                          Has exited:false

                                          General

                                          Target ID:4
                                          Start time:12:03:41
                                          Start date:05/12/2024
                                          Path:C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Users\user\AppData\Roaming\Microsot_Centre\webcam_plugin.exe
                                          Imagebase:0x400000
                                          File size:88'836 bytes
                                          MD5 hash:3DF8C3A266B8A05D3165884FEDA0972A
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:Borland Delphi
                                          Reputation:low
                                          Has exited:false

                                          General

                                          Target ID:5
                                          Start time:12:03:42
                                          Start date:05/12/2024
                                          Path:C:\Windows\SysWOW64\cmd.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\system32\cmd.exe /c UNISTA~1.BAT
                                          Imagebase:0x1c0000
                                          File size:236'544 bytes
                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          General

                                          Target ID:6
                                          Start time:12:03:42
                                          Start date:05/12/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff66e660000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          General

                                          Target ID:7
                                          Start time:12:03:43
                                          Start date:05/12/2024
                                          Path:C:\Windows\SysWOW64\cmd.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\system32\cmd.exe /c UNISTA~1.BAT
                                          Imagebase:0x1c0000
                                          File size:236'544 bytes
                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          General

                                          Target ID:8
                                          Start time:12:03:43
                                          Start date:05/12/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff66e660000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          General

                                          Target ID:15
                                          Start time:12:04:18
                                          Start date:05/12/2024
                                          Path:C:\Windows\SysWOW64\cmd.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\system32\cmd.exe /c ERRORR~1.BAT
                                          Imagebase:0x1c0000
                                          File size:236'544 bytes
                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          General

                                          Target ID:16
                                          Start time:12:04:18
                                          Start date:05/12/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff66e660000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          General

                                          Target ID:17
                                          Start time:12:04:18
                                          Start date:05/12/2024
                                          Path:C:\Windows\SysWOW64\explorer.exe
                                          Wow64 process (32bit):true
                                          Commandline:explorer http://ukrnic.com/~freexp/index.php
                                          Imagebase:0xa30000
                                          File size:4'514'184 bytes
                                          MD5 hash:DD6597597673F72E10C9DE7901FBA0A8
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:true

                                          General

                                          Target ID:18
                                          Start time:12:04:18
                                          Start date:05/12/2024
                                          Path:C:\Windows\explorer.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                          Imagebase:0x7ff609140000
                                          File size:5'141'208 bytes
                                          MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          General

                                          Target ID:19
                                          Start time:12:04:19
                                          Start date:05/12/2024
                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://ukrnic.com/~freexp/index.php
                                          Imagebase:0x7ff684c40000
                                          File size:3'242'272 bytes
                                          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:false

                                          General

                                          Target ID:22
                                          Start time:12:04:19
                                          Start date:05/12/2024
                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1980,i,6152101684222983417,8796225915089315324,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                          Imagebase:0x7ff684c40000
                                          File size:3'242'272 bytes
                                          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:false

                                          Disassembly

                                          No disassembly