Windows Analysis Report
Overwatch-Installer.exe

Overview

General Information

Sample name: Overwatch-Installer.exe
Analysis ID: 1502487
MD5: ca43bdbd4aac599edc0e76ccde512f8a
SHA1: 2f253c8f76a6dba5af7ded25a091a4cc2bbf23db
SHA256: 27e46901a6243f1d9c62e2571078b0e4818de98ce600d46bbb1ef32591f48219
Tags: agentteslaexe

Detection

Agent Tesla, AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected Agent Tesla keylogger
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
AI detected suspicious sample
Contains functionality to capture screen (.Net source)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Moves itself to temp directory
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Instant Messenger accounts or passwords
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to detect virtual machines (STR)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

AV Detection

Source: Overwatch-Installer.exe Avira: detected
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Avira: detection malicious, Label: TR/Spy.Agent.lkofd
Source: Overwatch-Installer.exe Malware Configuration Extractor: Agenttesla {"Exfil Mode": "Web Panel", "C2 url": "https://plantain-elk-b8pt.squarespace.com/api/comment/LikeComment"}
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe ReversingLabs: Detection: 68%
Source: Overwatch-Installer.exe Virustotal: Detection: 61%
Source: Overwatch-Installer.exe ReversingLabs: Detection: 68%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.7% probability
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Joe Sandbox ML: detected
Source: Overwatch-Installer.exe Joe Sandbox ML: detected
Source: Overwatch-Installer.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49705 version: TLS 1.0
Source: C:\Users\user\Desktop\Overwatch-Installer.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Source: Overwatch-Installer.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\Admin\Desktop\IELibrary\IELibrary\obj\Debug\IELibrary.pdb source: Overwatch-Installer.exe, nefgd.exe.0.dr
Source: Binary string: r\VB.net\stealers\firefoxx64\firefox\obj\Debug\firefox.pdb source: Overwatch-Installer.exe, nefgd.exe.0.dr

Networking

Source: Yara match File source: Overwatch-Installer.exe, type: SAMPLE
Source: Yara match File source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 Host: checkip.dyndns.org Connection: Keep-Alive
Source: Joe Sandbox View IP Address: 198.185.159.177
Source: Joe Sandbox View IP Address: 193.122.6.168
Source: Joe Sandbox View ASN Name: SQUARESPACEUS
Source: Joe Sandbox View JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: unknown DNS query: name: checkip.dyndns.org
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 320Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 596Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continueConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 320Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 596Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 870Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108472Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108898Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108470Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108470Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108470Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 116722Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 116720Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108472Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 332Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)
Content-Type: application/x-www-form-urlencoded
Host: plantain-elk-b8pt.squarespace.com
Content-Length: 116736
Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)
Content-Type: application/x-www-form-urlencoded
Host: plantain-elk-b8pt.squarespace.com
Content-Length: 108438
Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)
Content-Type: application/x-www-form-urlencoded
Host: plantain-elk-b8pt.squarespace.com
Content-Length: 108436
Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)
Content-Type: application/x-www-form-urlencoded
Host: plantain-elk-b8pt.squarespace.com
Content-Length: 336
Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)
Content-Type: application/x-www-form-urlencoded
Host: plantain-elk-b8pt.squarespace.com
Content-Length: 332
Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 332Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108436Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 332Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108436Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108436Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 332Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 332 Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108438 Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 336 Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 116736 Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108426 Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 332Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108426Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: unknown HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49705 version: TLS 1.0
Source: unknown HTTPS traffic detected: 192.168.2.5:49727 -> 198.185.159.177:443 version: TLS 1.0
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Code function: 4_2_00A6A09A recv, 4_2_00A6A09A
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic DNS traffic detected: DNS query: plantain-elk-b8pt.squarespace.com
Source: unknown HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continueConnection: Keep-Alive
Source: Overwatch-Installer.exe, nefgd.exe.0.dr String found in binary or memory: http://DynDns.com
Source: Overwatch-Installer.exe, nefgd.exe.0.dr String found in binary or memory: http://Paltalk.com
Source: nefgd.exe, 00000004.00000002.2461942040.0000000002B50000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000004.00000002.2461942040.0000000002B8A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003631000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000004.00000002.2461942040.0000000002B50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org/
Source: Overwatch-Installer.exe, nefgd.exe.0.dr String found in binary or memory: http://checkip.dyndns.org/E
Source: Overwatch-Installer.exe, 00000000.00000002.4463340564.0000000001198000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://go.microsoft.
Source: Overwatch-Installer.exe, 00000000.00000002.4463340564.0000000001198000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://go.microsoft.LinkId=42127
Source: Overwatch-Installer.exe, nefgd.exe.0.dr String found in binary or memory: http://no-ip.com
Source: Overwatch-Installer.exe, nefgd.exe.0.dr String found in binary or memory: http://scripts.sil.org/OFL
Source: Overwatch-Installer.exe, nefgd.exe.0.dr String found in binary or memory: http://www.google.com/get/noto/
Source: nefgd.exe, 00000003.00000002.4464189616.0000000003631000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespace.com
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000405A000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.00000000040A4000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003C32000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000402D000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000403C000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003CF1000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003C7B000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000004057000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000409F000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000404E000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000403F000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000004076000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000406F000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003E9C000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003CB9000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000406B000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 
00000003.00000002.4464189616.0000000004060000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000400C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespace.com$
Source: Overwatch-Installer.exe, nefgd.exe.0.dr String found in binary or memory: https://plantain-elk-b8pt.squarespace.com/api/comment/LikeComment
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://plantain-elk-b8pt.squarespace.com7
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50187 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50221 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50301 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50270 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 50347 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 50335 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 50282 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50247 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50370 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 50313 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50208 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50259 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 50369 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown Network traffic detected: HTTP traffic on port 50277 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50337
Source: unknown Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50336
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50339
Source: unknown Network traffic detected: HTTP traffic on port 50386 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50338
Source: unknown Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50331
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50330
Source: unknown Network traffic detected: HTTP traffic on port 50225 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50333
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50332
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50335
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50334
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50305 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50348
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50347
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50349
Source: unknown Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50340
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50342
Source: unknown Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50341
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown Network traffic detected: HTTP traffic on port 50339 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50344
Source: unknown Network traffic detected: HTTP traffic on port 50352 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown Network traffic detected: HTTP traffic on port 50243 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50343
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50346
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50345
Source: unknown Network traffic detected: HTTP traffic on port 50289 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50197 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50359
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50358
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50351
Source: unknown Network traffic detected: HTTP traffic on port 50317 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50350
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50353
Source: unknown Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50352
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50355
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50354
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50357
Source: unknown Network traffic detected: HTTP traffic on port 50374 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50356
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50360
Source: unknown Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50213 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50369
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown Network traffic detected: HTTP traffic on port 50255 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50362
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50361
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50364
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50363
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50366
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50365
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50368
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50367
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50371
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50370
Source: unknown Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50340 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50315 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50350 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50267 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50362 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50304
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50303
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50306
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50305
Source: unknown Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50308
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50307
Source: unknown Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50309
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50201 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50300
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50302
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50301
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50233 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50315
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50314
Source: unknown Network traffic detected: HTTP traffic on port 50384 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50317
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50316
Source: unknown Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50319
Source: unknown Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50318
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50279 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50311
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50310
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50313
Source: unknown Network traffic detected: HTTP traffic on port 50223 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50312
Source: unknown Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50349 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50326
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50325
Source: unknown Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50328
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50327
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50329
Source: unknown Network traffic detected: HTTP traffic on port 50245 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50320
Source: unknown Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50322
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50321
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50324
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50323
Source: unknown Network traffic detected: HTTP traffic on port 50372 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50290 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50327 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50296
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50295
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50298
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50297
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50299
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown Network traffic detected: HTTP traffic on port 50286 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50343 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50274 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown Network traffic detected: HTTP traffic on port 50377 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown Network traffic detected: HTTP traffic on port 50331 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50240 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50183 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50308 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50227 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50252 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50195 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50095

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: Overwatch-Installer.exe, 00000000.00000000.2009514442.0000000000A92000.00000002.00000001.01000000.00000003.sdmp Memory string: get_Clipboard
Source: Overwatch-Installer.exe, 00000000.00000000.2009514442.0000000000A92000.00000002.00000001.01000000.00000003.sdmp Memory string: set_Sendwebcam
Source: Overwatch-Installer.exe, 00000000.00000000.2009514442.0000000000A92000.00000002.00000001.01000000.00000003.sdmp Memory string: get_ComputerName
Source: Overwatch-Installer.exe, 00000000.00000002.4512994747.0000000006610000.00000004.08000000.00040000.00000000.sdmp Memory string: get_Username
Source: Overwatch-Installer.exe, B.cs .Net Code: O_U
Source: nefgd.exe.0.dr, B.cs .Net Code: O_U
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\Overwatch-Installer.exe
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\nefgd\nefgd.exe
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Window created: window name: CLIPBRDWNDCLASS

System Summary

Source: Overwatch-Installer.exe, type: SAMPLE Matched rule: AgentTesla Payload Author: kevoreilly
Source: Overwatch-Installer.exe, type: SAMPLE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: Overwatch-Installer.exe, type: SAMPLE Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: Overwatch-Installer.exe, type: SAMPLE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack, type: UNPACKEDPE Matched rule: AgentTesla Payload Author: kevoreilly
Source: 0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack, type: UNPACKEDPE Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE Matched rule: AgentTesla Payload Author: kevoreilly
Source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE Matched rule: AgentTesla Payload Author: kevoreilly
Source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: Process Memory Space: Overwatch-Installer.exe PID: 7160, type: MEMORYSTR Matched rule: agenttesla_smtp_variant Author: j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!
Source: Process Memory Space: nefgd.exe PID: 5952, type: MEMORYSTR Matched rule: agenttesla_smtp_variant Author: j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED Matched rule: AgentTesla Payload Author: kevoreilly
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: Yara match File source: Process Memory Space: Overwatch-Installer.exe PID: 7160, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: nefgd.exe PID: 5952, type: MEMORYSTR
Source: Yara match File source: Overwatch-Installer.exe, type: SAMPLE
Source: Yara match File source: 0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000000.2009514442.0000000000A92000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Memory allocated: 77A30000 page read and write
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Memory allocated: 70AC0000 page read and write
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Memory allocated: 70FC0000 page read and write
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Memory allocated: 77030000 page read and write
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Memory allocated: 701C0000 page read and write
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Memory allocated: 70DC0000 page read and write
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Memory allocated: 726C0000 page read and write
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Code function: 0_2_05BF2D92 NtQuerySystemInformation, 0_2_05BF2D92
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Code function: 0_2_05BF2D57 NtQuerySystemInformation, 0_2_05BF2D57
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Code function: 3_2_06122EBA NtQuerySystemInformation, 3_2_06122EBA
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Code function: 3_2_06122E7F NtQuerySystemInformation, 3_2_06122E7F
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 9900
Source: Overwatch-Installer.exe, 00000000.00000000.2009514442.0000000000A92000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameIELibrary.dll4 vs Overwatch-Installer.exe
Source: Overwatch-Installer.exe, 00000000.00000000.2009514442.0000000000A92000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamefirefox.exe4 vs Overwatch-Installer.exe
Source: Overwatch-Installer.exe, 00000000.00000000.2009514442.0000000000A92000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameOverwatch-Setup.exeD vs Overwatch-Installer.exe
Source: Overwatch-Installer.exe, 00000000.00000002.4512994747.0000000006610000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameIELibrary.dll4 vs Overwatch-Installer.exe
Source: Overwatch-Installer.exe Binary or memory string: OriginalFilenameIELibrary.dll4 vs Overwatch-Installer.exe
Source: Overwatch-Installer.exe Binary or memory string: OriginalFilenamefirefox.exe4 vs Overwatch-Installer.exe
Source: Overwatch-Installer.exe Binary or memory string: OriginalFilenameOverwatch-Setup.exeD vs Overwatch-Installer.exe
Source: Overwatch-Installer.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Overwatch-Installer.exe, type: SAMPLE Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: Overwatch-Installer.exe, type: SAMPLE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: Overwatch-Installer.exe, type: SAMPLE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: Overwatch-Installer.exe, type: SAMPLE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack, type: UNPACKEDPE Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: Process Memory Space: Overwatch-Installer.exe PID: 7160, type: MEMORYSTR Matched rule: agenttesla_smtp_variant date = 2018/2, filetype = memory, reference3 = agent tesla == negasteal -- @coldshell, author = j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!, version = stealer, reference1 = https://www.virustotal.com/#/file/1198865bc928a7a4f7977aaa36af5a2b9d5a949328b89dd87c541758516ad417/detection, reference2 = https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_negasteal.a
Source: Process Memory Space: nefgd.exe PID: 5952, type: MEMORYSTR Matched rule: agenttesla_smtp_variant date = 2018/2, filetype = memory, reference3 = agent tesla == negasteal -- @coldshell, author = j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!, version = stealer, reference1 = https://www.virustotal.com/#/file/1198865bc928a7a4f7977aaa36af5a2b9d5a949328b89dd87c541758516ad417/detection, reference2 = https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_negasteal.a
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: Overwatch-Installer.exe, B.cs Cryptographic APIs: 'TransformFinalBlock'
Source: Overwatch-Installer.exe, DJW.cs Cryptographic APIs: 'TransformFinalBlock'
Source: nefgd.exe.0.dr, B.cs Cryptographic APIs: 'TransformFinalBlock'
Source: classification engine Classification label: mal100.phis.troj.spyw.evad.winEXE@5/5@2/2
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Code function: 0_2_05BF244E AdjustTokenPrivileges, 0_2_05BF244E
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Code function: 0_2_05BF2417 AdjustTokenPrivileges, 0_2_05BF2417
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Code function: 3_2_06122576 AdjustTokenPrivileges, 3_2_06122576
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Code function: 3_2_0612253F AdjustTokenPrivileges, 3_2_0612253F
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Code function: 4_2_056D2576 AdjustTokenPrivileges, 4_2_056D2576
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Code function: 4_2_056D253F AdjustTokenPrivileges, 4_2_056D253F
Source: C:\Users\user\Desktop\Overwatch-Installer.exe File created: C:\Users\user\AppData\Roaming\nefgd
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Mutant created: NULL
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\0adb3fa2-395c-4d5d-8556-78f145631ec1
Source: Overwatch-Installer.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Overwatch-Installer.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\Overwatch-Installer.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\Overwatch-Installer.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Overwatch-Installer.exe Virustotal: Detection: 61%
Source: Overwatch-Installer.exe ReversingLabs: Detection: 68%
Source: Overwatch-Installer.exe String found in binary or memory: Overwatch-Launcher
Source: Overwatch-Installer.exe String found in binary or memory: hle das Installationsverzeichnis aus:Overwatch-LauncherOverwatch-SetupJQW`nw
Source: C:\Users\user\Desktop\Overwatch-Installer.exe File read: C:\Users\user\Desktop\Overwatch-Installer.exe
Source: unknown Process created: C:\Users\user\Desktop\Overwatch-Installer.exe "C:\Users\user\Desktop\Overwatch-Installer.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe "C:\Users\user\AppData\Roaming\nefgd\nefgd.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe "C:\Users\user\AppData\Roaming\nefgd\nefgd.exe"
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 9900
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: rasman.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: security.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: ieframe.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: mlang.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: scrrun.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: avicap32.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: msvfw32.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: mmdevapi.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: devobj.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: ksuser.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: avrt.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: audioses.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: msacm32.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: midimap.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: security.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: avicap32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: msvfw32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: mmdevapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: ksuser.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: avrt.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: audioses.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: midimap.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\Overwatch-Installer.exe File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 Jump to behavior
Source: Overwatch-Installer.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: C:\Users\user\Desktop\Overwatch-Installer.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll Jump to behavior
Source: Overwatch-Installer.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\Admin\Desktop\IELibrary\IELibrary\obj\Debug\IELibrary.pdb source: Overwatch-Installer.exe, nefgd.exe.0.dr
Source: Binary string: r\VB.net\stealers\firefoxx64\firefox\obj\Debug\firefox.pdb source: Overwatch-Installer.exe, nefgd.exe.0.dr

Data Obfuscation

Source: Overwatch-Installer.exe, DJW.cs .Net Code: FG System.Reflection.Assembly.Load(byte[])
Source: nefgd.exe.0.dr, DJW.cs .Net Code: FG System.Reflection.Assembly.Load(byte[])
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Code function: 0_2_066015A8 pushad ; retf 0_2_066015F9
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Code function: 3_2_06B31D3B pushfd ; ret 3_2_06B31D3E
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Code function: 3_2_06C39E98 push eax; retf 3_2_06C39E99
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Code function: 3_2_06C30BE1 push ecx; ret 3_2_06C30BE2
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Code function: 3_2_06C30C57 push ecx; ret 3_2_06C30C58
Source: C:\Users\user\Desktop\Overwatch-Installer.exe File created: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Jump to dropped file
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MyOtApp Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\Overwatch-Installer.exe File opened: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe File opened: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe:Zone.Identifier read attributes | delete Jump to behavior
Source: c:\users\user\desktop\overwatch-installer.exe File moved: C:\Users\user\AppData\Local\Temp\tmpG571.tmp Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: Yara match File source: Process Memory Space: Overwatch-Installer.exe PID: 7160, type: MEMORYSTR
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Memory allocated: 1620000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Memory allocated: 3110000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Memory allocated: 5110000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Memory allocated: 18E0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Memory allocated: 3630000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Memory allocated: 5630000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Memory allocated: 79430000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Memory allocated: E40000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Memory allocated: 2B00000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Memory allocated: 4B00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Code function: 3_2_06B33427 str word ptr [edi] 3_2_06B33427
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Window / User API: threadDelayed 8049
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Window / User API: threadDelayed 995
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Window / User API: threadDelayed 3336
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Window / User API: threadDelayed 5802
Source: C:\Users\user\Desktop\Overwatch-Installer.exe TID: 6556 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\Overwatch-Installer.exe TID: 6556 Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\Desktop\Overwatch-Installer.exe TID: 6556 Thread sleep time: -168000s >= -30000s
Source: C:\Users\user\Desktop\Overwatch-Installer.exe TID: 6556 Thread sleep time: -120735s >= -30000s
Source: C:\Users\user\Desktop\Overwatch-Installer.exe TID: 6556 Thread sleep time: -995000s >= -30000s
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe TID: 5456 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe TID: 5456 Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe TID: 5456 Thread sleep time: -3336000s >= -30000s
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe TID: 5456 Thread sleep time: -87030s >= -30000s
Source: C:\Users\user\Desktop\Overwatch-Installer.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\Overwatch-Installer.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Code function: 0_2_05BF6B52 GetSystemInfo, 0_2_05BF6B52
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Thread delayed: delay time: 60000
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Thread delayed: delay time: 60000
Source: nefgd.exe, 00000004.00000002.2461493329.0000000000AFE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: nefgd.exe, 00000004.00000002.2461493329.0000000000AFE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllI
Source: Overwatch-Installer.exe, 00000000.00000002.4463340564.000000000120D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: nefgd.exe, 00000003.00000002.4463130688.0000000001768000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll#
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Code function: 0_2_052F1D68 LdrInitializeThunk, 0_2_052F1D68
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 9900
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: <br><span style=font-size:14px;font-style:normal;text-decoration:none;text-transform:none;color:#0099cc;>[Program Manager]<span style=font-style:normal;text-decoration:none;text-transform:none;color:#000000;> (09/01/2024 16:04:26)</span></span><br>
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: C:\Users\user\Desktop\Overwatch-Installer.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe File opened: C:\FTP Navigator\Ftplist.txt
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Key opened: HKEY_CURRENT_USER\Software\Paltalk
Source: C:\Users\user\Desktop\Overwatch-Installer.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\Desktop\Overwatch-Installer.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: Yara match File source: Overwatch-Installer.exe, type: SAMPLE
Source: Yara match File source: 0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000000.2009514442.0000000000A92000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.4464189616.0000000003631000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Overwatch-Installer.exe PID: 7160, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: nefgd.exe PID: 5952, type: MEMORYSTR
Source: Yara match File source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED